
Great!

Posted May 16, 2015 10:49 UTC (Sat) by roc (subscriber, #30627)
In reply to: Great! by wahern
Parent article: Rust 1.0 released

> Kernel Rust and userspace Rust code would end up looking much different
> than do kernel C and userspace C code.

But there isn't a C implementation of smart pointers that's shared by kernel and userspace code. So how would Rust look "much [more] different"?

On error handling: it's a very difficult problem. I don't think we're ready to declare a winning approach that's worth betting a language on. I don't think any of the popular approaches (other than "fail catastrophically") deal with the core problem: fine-grained error handling introduces an explosion of rarely-taken code paths that are very expensive to test and verify (much like threads with fine-grained locking).

As a browser developer, what I want from Rust (which isn't there yet in 1.0, but hopefully someday) is for OOM and other difficult errors to cause task termination, and for applications and libraries to detect and recover from task termination --- i.e. using tasks to delineate boundaries of failure and recovery. Mapping all catastrophic errors onto "the task died" should reduce the number of observable error states, in particular because Rust provides tools to constrain communication between tasks (e.g. preventing data races).

BTW from Mozilla's point of view, systems programming includes browsers and low-level userspace libraries as well as kernels. Robust OOM handling for every individual allocation is so unknown in userspace that it would have been a bad idea to complicate Rust to allow for it. Heck, as recently seen on LWN, it's not even the rule in the Linux kernel.
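The failure-boundary idea described above, as an added Rust example that is not part of the comment thread (the supervisor/worker structure, the `TaskOutcome` type and the constructed workload are mine): a panic inside a spawned thread, standing in for OOM or any other error the task cannot handle locally, is observed by the parent only as "the task died", and no partial result ever crosses the channel.

```rust
use std::sync::mpsc;
use std::thread;

/// What the supervising code can observe about one isolated task.
/// Every catastrophic failure inside the task collapses into `Died`,
/// so there is exactly one failure state to test and recover from.
#[derive(Debug, PartialEq)]
pub enum TaskOutcome {
    Completed(u64),
    Died,
}

/// Run `work` on its own thread and collect its result over a channel.
/// A panic anywhere inside `work` unwinds that thread only; the parent
/// sees it as `Err` from `join()` and maps it to `TaskOutcome::Died`.
pub fn run_isolated<F>(work: F) -> TaskOutcome
where
    F: FnOnce() -> u64 + Send + 'static,
{
    let (tx, rx) = mpsc::channel();
    let handle = thread::spawn(move || {
        let value = work();
        // Only a fully computed result is ever sent across the boundary.
        let _ = tx.send(value);
    });
    match handle.join() {
        Ok(()) => match rx.recv() {
            Ok(value) => TaskOutcome::Completed(value),
            Err(_) => TaskOutcome::Died, // sender dropped without a result
        },
        Err(_) => TaskOutcome::Died, // the task panicked
    }
}

/// Constructed workload (hypothetical): sum a buffer, but treat a request
/// over the budget as unrecoverable, analogous to an allocation that
/// cannot be satisfied. The task dies instead of returning an error code.
pub fn checked_sum(input: Vec<u64>, budget: usize) -> u64 {
    if input.len() > budget {
        panic!("request of {} items exceeds budget of {}", input.len(), budget);
    }
    input.iter().sum()
}

fn main() {
    let ok = run_isolated(|| checked_sum(vec![1, 2, 3], 8));
    let died = run_isolated(|| checked_sum(vec![0; 16], 8));
    println!("small request: {:?}, oversize request: {:?}", ok, died);
}
```

The panicking thread still prints its panic message to stderr through the default hook; the supervising thread itself keeps running and can retry, degrade or report.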


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds