diff --git a/lib/src/lib.rs b/lib/src/lib.rs
index c011ed36e..7706f8d5c 100644
--- a/lib/src/lib.rs
+++ b/lib/src/lib.rs
@@ -1,7 +1,6 @@
+#![warn(unsafe_op_in_unsafe_fn)]
 mod util;
-// TODO: #![..]
-#[warn(unsafe_op_in_unsafe_fn)]
 pub mod replica;
 pub mod result;
 pub mod status;
diff --git a/lib/src/string.rs b/lib/src/string.rs
index df0eebddb..163c2caf8 100644
--- a/lib/src/string.rs
+++ b/lib/src/string.rs
@@ -52,7 +52,8 @@ impl<'a> TCString<'a> {
 /// the lifetime promised by C.
 pub(crate) unsafe fn from_arg(tcstring: *mut TCString<'a>) -> Self {
 debug_assert!(!tcstring.is_null());
- *(Box::from_raw(tcstring))
+ // SAFETY: see docstring
+ unsafe { *(Box::from_raw(tcstring)) }
 }
 /// Borrow a TCString from C as an argument.
@@ -64,7 +65,8 @@ impl<'a> TCString<'a> {
 /// the lifetime promised by C.
 pub(crate) unsafe fn from_arg_ref(tcstring: *mut TCString<'a>) -> &'a mut Self {
 debug_assert!(!tcstring.is_null());
- &mut *tcstring
+ // SAFETY: see docstring
+ unsafe { &mut *tcstring }
 }
 /// Get a regular Rust &str for this value.
diff --git a/lib/src/task.rs b/lib/src/task.rs
index ab79079a3..841ae83f5 100644
--- a/lib/src/task.rs
+++ b/lib/src/task.rs
@@ -53,7 +53,8 @@ impl TCTask {
 /// the lifetime promised by C.
 pub(crate) unsafe fn from_arg_ref<'a>(tctask: *mut TCTask) -> &'a mut Self {
 debug_assert!(!tctask.is_null());
- &mut *tctask
+ // SAFETY: see docstring
+ unsafe { &mut *tctask }
 }
 /// Take a TCTask from C as an argument.
@@ -63,7 +64,8 @@ impl TCTask {
 /// The pointer must not be NULL. The pointer becomes invalid before this function returns.
 pub(crate) unsafe fn from_arg<'a>(tctask: *mut TCTask) -> Self {
 debug_assert!(!tctask.is_null());
- *Box::from_raw(tctask)
+ // SAFETY: see docstring
+ unsafe { *Box::from_raw(tctask) }
 }
 /// Convert a TCTask to a return value for handing off to C.
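Review bot: In lib/src/lib.rs the crate-level lint is set to `warn`, so an unsafe operation left unwrapped inside an `unsafe fn` still compiles and can slip through unless CI treats warnings as errors. The docstrings in this change describe pointers arriving from C, so this looks like an FFI boundary where every raw-pointer operation should be forced into an explicit `unsafe { }` block; consider `#![deny(unsafe_op_in_unsafe_fn)]`. If the build already runs with warnings denied, a one-line comment next to the attribute saying so would be enough.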
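Review bot: The new `// SAFETY: see docstring` in `TCString::from_arg` (lib/src/string.rs) points elsewhere instead of stating why the `Box::from_raw` call is sound, and the only guard in the body is a `debug_assert!`, which is compiled out of release builds. I would spell the invariants out at the block, for example `// SAFETY: tcstring is non-null, came from Box::into_raw, and the caller gives up ownership and will not use or free it again (promised by caller)`, adjusted to whatever the allocation path really is. The same placeholder comment appears in `TCString::from_arg_ref` and in `TCTask::from_arg_ref` and `TCTask::from_arg` in lib/src/task.rs; for the `_ref` variants the comment should also say that no other reference to the value is live for `'a`. The docstrings these comments refer to begin outside the hunks, so confirm that they actually list these conditions.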
@@ -84,7 +86,7 @@ impl TCTask {
 // SAFETY:
 // - tcreplica is not null (promised by caller)
 // - tcreplica outlives the pointer in this variant (promised by caller)
- let tcreplica_ref: &mut TCReplica = TCReplica::from_arg_ref(tcreplica);
+ let tcreplica_ref: &mut TCReplica = unsafe { TCReplica::from_arg_ref(tcreplica) };
 let rep_ref = tcreplica_ref.borrow_mut();
 Inner::Mutable(task.into_mut(rep_ref), tcreplica)
 }
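Review bot: The SAFETY list above the new `unsafe { TCReplica::from_arg_ref(tcreplica) }` in lib/src/task.rs covers non-null and lifetime but not exclusivity, which is what materialising a `&mut TCReplica` from a raw pointer also requires. If C code can make two tasks mutable against the same replica, or use the replica while this reference is alive, the `&mut` would alias before `borrow_mut()` (presumably a runtime borrow check) runs. I would add a third bullet such as `// - no other reference to *tcreplica is live while tcreplica_ref is in use (promised by caller)`, or note where that is enforced. The enclosing function starts outside the hunk, so its docstring may already state this.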