Well, assuming we're talking about open source here, it's more a distro's choice. But
programmers knowing that their code is security critical and don't trust it enough should
indeed enable a few useful obscure compiler flags.
Oops, I gave the wrong example, I meant strncpy instead of strncat. The latter is indeed safe.