A system’s being “fail-safe” means not that failure is impossible or improbable, but rather that the system’s design prevents or mitigates unsafe consequences of the system’s failure. That is, if and when a “fail-safe” system “fails”, it is “safe” or at least no less safe than when it was operating correctly.