If you use /tmp like everyone else, other users can write scripts to read your session data store.

safe_mode only protects against PHP scripts. Do your potential attackers not know any other languages?