I agree, this really doesn't seem to a great situation.
Using malloc, free, sprintf, etc are unsafe. But they are still part of POSIX, ISO C, ISO C++
It can be a good idea mark some of these with some kind of attribute, some kind of warning.
std::strstream is deprecated in C++98
std::is_literal_type is deprecated in C++17 and removed in C++20
gets is deprecated in C99 and removed C11
I checked, sprintf is not deprecated in any standard. We want to use the -Wdeprecated-declarations warning, it does help with (mainly future) portability.
sprintf being unsafe has nothing to do with this. The whole C programming language is "an interface that’s so easy to misuse", but that is besides the point.
Is Apple going to remove sprintf in a future release, and deny compiling C99 code?
If not, why add __attribute__((__deprecated__)) to sprintf?