I don't think one should mix validation and safety as such, since it risks becoming non-obvious. When the validation criteria change six months later, someone might rewrite the validation without considering that it's also a safety feature. By making the proper way to use it restrictive, one might end up bypassing the validation and using the unsafe part, by re-implementation if not directly. It could also be that the error isn't malicious, but that the hash for some reason ends up being faulty.