Re: Critical vs Functional
Even tiny, cheap microcontrollers have lots of analog inputs these days, and can tell if a channel has gone O/C or S/C. PTC not needed.
Except you still need code to handle the error. If silly-con valley employee #183453 fat fingers one line, all bets are off. You need to do this in a hard-wired, can't be pissed about with way on each cell pack. if (analog.read(A0) < BATTERY70CPOINT) then pwm_global_bias--; simply isn't good enough. As I said, there's nothing wrong with a bit of feedback as long as you have a good old-fashioned crowbar-like failsafe with a bipolar attitude to thermal runaway. KISS principle for safety, always.
You can't simply limit current to the motor because it has to be converted to multiphase AC; the motor control circuitry must be told to restrict maximum power, you can't simply put a honking great MOSFET in the DC input and use it as a current regulator, because the downstream voltage will drop and soon after your MOSFET will melt.
I said nothing about limiting current in the traditional sense. PWM. You don't leave a power FET in between its off and saturation point; a honking great MOSFET (probably HEXFETs in this application) is usually a fuckton of them parallelised and the power wasted from a load of those in limbo would probably fuel a miniature sun. Basic, assumed practice which I shouldn't have to explain here.
As for multiphase AC, assuming you meant that literally, these things are either "honking great" steppers, i.e. pseudo AC which is really just a DC source being alternated between windings or pure PM units, either of which means you can recover energy through regenerative braking, which is where the concern about rare earth mining for these electrojalopies comes from. If Tesla are using energised field coils and fancy waveforms, someone's not doing their design properly and it's no wonder Jezza can't get 300+ miles from a fancy milk float.
I still maintain there should be an autonomous safety system segmented from the "upgradable" firmware that any old jumped-up skiddie with a massaged CV can piss about with and push OTA which can overrule the likes of the infotainment system when the owner sticks it in OMFG, THE TORQUE! mode. I'm sure most rational human beings would rather their car lose a bit of oomph or stop than lose all power and catch fire which, ironically, also disables Tesla's fancy door latches which, as far as I can ascertain, were only implemented so they can open and close the doors in "celebration" mode. Yes, there's a bit of string in the rear quarter for first-responders but that's little consolation when you're sitting there wondering why it's so hot and there's an overwhelming smell of roast pork coming from your trousers.
That last point emphasises my concern with fancy bollocks over safety.