Re: Yay! Its groundhog day!
Whether it is "safe" or not is irrelevant; even whether it is deemed "safe" is irrelevant because it is just not possible.
Look at it this way: You can download the source code for openssl and its dependencies and change the algorithms and remove any malicious code that may generate a key pair that would grant anyone with a master key access. You could even do something as simple as add another layer of security.
Another way to circumvent it without developing any further software is to encrypt it with 2 keys. If CA's are mandated to generate certificates that would require a master key then you get one of the CA for transportation purposes and encrypt the data with a self signed key.
At the end of the day, it is just pure unadulterated bullshit.