Re: Sounds like a good idea
You’ve basically described how security arise. Make assumption. Assumption is invalidated. Shit happens.
It’s also why we (should) unit test for such things before pushing to prod. But hey, testing is boring so we don’t do it right?
As to using unused bits - plenty of tech still does that. The Deflate also, ASN.1 PER etc. It’s not going away.