It would seem that providing the 'safe' version would mean just coming up with a simple protocol and implementing a very thin c program that translates that protocol to libffi calls. Then talking to said c program via pipes or what have you. This should give you the best of both worlds at some cost in speed but a huge increas in reliability.