tech-security archive


Re: How trustworthy is that I/O device?



I'd like to have an option like that - it would be nice in instances where I know a file system is full of errors but want to recover what I can without a panic, and on the other side of the coin want to panic before tolerating any detectable inconsistency. This probably digresses a bit from the security aspects, but I think that sort of option would be of great general benefit as well as being useful from a security perspective.

What I would personally love to see, from a security perspective, is the ability to define what sorts of devices I do trust. Does NetBSD have a mechanism similar to the /dev/disk/by-uuid/ presented in Linux? Taking it a bit further... wouldn't it be possible to, for instance, define a certain vendor:device combo as "accepted" for a USB serial device, and have that be to the exclusion of others?

I don't wish to spend NetBSD dev time on my own convenience and laziness, and would happily help out - these simply spring to mind as things I have, in Linux, taken shortcuts with in the name of convenience that might (might!) offer some negligible protection (for example, only a uplcom(4) serial device would be able to fool one of my kernels... that sort of thing.)

I agree with Matt (both of them) and Erik, and in the spirit of waxing philosophic, will say that I find it very interesting to find a balance here given that as a security professional I am also guilty of taking the easy way out when there is one.



On Wed, Nov 6, 2013 at 1:31 PM, matthew green <mrg%eterna.com.au@localhost> wrote:

> What I am saying is that you shouldn't trust it.  We shouldn't have
> underlying assumptions in the code.  We don't in the networking
> code.  Treat it as if it's probably trying to cause a denial of
> service.  I'm saying don't panic, either forcibly unmount or treat
> it as uncacheable and read-only.

solaris introduced an "onerror" mount option, that takes options
like "panic", "unmount", "readonly", etc.

i've always thought that was a good idea we should copy.


.mrg.



--
Sean
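Added example (editor's code, not from the thread, NetBSD or any of the posters): a default-deny vendor:device allowlist of the kind Sean describes, evaluated in Python over a constructed lsusb-style listing. The bus/device numbers, IDs and descriptions are constructed sample values; `parse_enumeration`, `evaluate`, `validate_allowlist` and the `vendor:*` wildcard syntax are this example's own. As Sean notes, the protection is slight: vendor and product IDs are self-reported by the device and can be cloned, so a list like this rejects the accidental or careless device, not a deliberately spoofed one.

```python
"""Default-deny vendor:product allowlist for USB devices (added example)."""
import re
from dataclasses import dataclass

# Constructed lsusb-style listing; sample values, not a real capture.
SAMPLE_ENUMERATION = """\
Bus 001 Device 002: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port
Bus 001 Device 003: ID 1a86:7523 QinHeng Electronics CH340 serial converter
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 004: ID 0403:6001 Future Technology Devices FT232 Serial (UART) IC
"""

# Constructed example policy: exact "vendor:product" pairs, or "vendor:*"
# for every product of one vendor. Anything not listed is rejected.
ALLOWLIST = {"067b:2303", "1d6b:*"}

LINE_RE = re.compile(
    r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\s*(.*)$"
)
ENTRY_RE = re.compile(r"^[0-9a-f]{4}:([0-9a-f]{4}|\*)$")


@dataclass(frozen=True)
class UsbDevice:
    bus: int
    dev: int
    vendor: int
    product: int
    description: str

    @property
    def vid_pid(self) -> str:
        # Normalised lowercase "vendor:product", the key the allowlist uses.
        return f"{self.vendor:04x}:{self.product:04x}"

    @property
    def path(self) -> str:
        # "bus-device" label used in the result map.
        return f"{self.bus}-{self.dev}"


def parse_enumeration(text: str) -> list[UsbDevice]:
    """Parse lsusb-style lines; an unparseable line is an error, not skipped."""
    devices = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable enumeration line: {line!r}")
        bus, dev, vid, pid, desc = m.groups()
        devices.append(UsbDevice(int(bus), int(dev), int(vid, 16), int(pid, 16), desc))
    return devices


def validate_allowlist(allowlist: set[str]) -> None:
    """Reject malformed entries up front so a typo cannot silently allow nothing
    (or, worse, be misread as something broader than intended)."""
    bad = sorted(e for e in allowlist if not ENTRY_RE.match(e))
    if bad:
        raise ValueError(f"malformed allowlist entries: {bad}")


def is_allowed(dev: UsbDevice, allowlist: set[str]) -> bool:
    """Exact vendor:product match, or a vendor-wide wildcard."""
    return dev.vid_pid in allowlist or f"{dev.vendor:04x}:*" in allowlist


def evaluate(devices: list[UsbDevice], allowlist: set[str]) -> dict[str, str]:
    """Map each device path to "accept" or "reject" under a default-deny policy."""
    validate_allowlist(allowlist)
    return {d.path: ("accept" if is_allowed(d, allowlist) else "reject") for d in devices}


if __name__ == "__main__":
    for dev in parse_enumeration(SAMPLE_ENUMERATION):
        verdict = evaluate([dev], ALLOWLIST)[dev.path]
        print(f"{dev.path:>5}  {dev.vid_pid}  {verdict:<6}  {dev.description}")
```

Under the constructed policy only the Prolific adapter and the root hub are accepted; the two other serial converters are rejected even though they are functionally similar, which is the "to the exclusion of others" behaviour Sean asks about.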

