I’m not sure I understand. There isn’t any discussion in that link? Just the initial post that seems to conclude the same as me (albeit in more general terms, no concrete example as above). It links to a pull request, saying “As discussed [there]”, but then there is also no discussion there either: it just implements additional options with the same flaw as existing options. Aha, but this pull request has a link to another ticket (3414)! But it’s also just about those options, not at all about the forget command being dangerous. This ticket links to a forum post but that also has no discussion about it being unsafe/dangerous/confusing (and a few other keywords I ctrl+f’d for).
Thanks for the link as this indeed seems to request a change similar to the one I think we should probably make (there is always more to read, isn’t there 
), but it does not really answer the question of whether there already exists a possible safe forget rule (one just has to be careful in designing it) and if this is really the attack that the threat model speak of or if there is more to consider when designing a solution (be it as part of mainline restic or a custom script).