It isn't enough for write_safe to not abort. You really want to do the unlink before the write. The point is that if you don't, then if I kill the ap via control-C while it is doing the slow disk write and read (not unlikely) then the disk file is going to be left around.