The documentation for Safe Haskell states:
[...] Unfortunately Template Haskell can be used to subvert module boundaries and so could be used gain access to this constructor. [...] The use of the -XSafe flag to compile the Danger module restricts the features of Haskell that can be used to a safe subset. This includes disallowing unsafePerfromIO, Template Haskell,[...]
Used as a macro system that translates an AST to another AST, should it not be possible to simply restrict TH to the safe subset of Haskell, and also restrict the resulting AST to this subset?