It all depends on how far you want to go with the paranoia! <grin>
My background is in industrial control - so I'm plenty paranoid...
In 'dumb' control systems you tended to have independent monitoring/safety systems.
With more advanced, micro-based systems - you either rely on the controller to look after itself, and operate 'safety' relays - or you go for full-blown belt & braces and have a second system (ideally with as small a component count as possible) looking over the micro's shoulder - and with the ability to stop proceedings if it thinks fit.
In this system I have an additional system (based on a Raspberry Pi) which feeds real-time info to a remote PC. It wouldn't be at all difficult for that system to also have a hand in the safety system - just an output from the RPi and a relay in series with the main controller's relay. That way, if the controller should lose its marbles, then the RPi would stand half a chance of saving the day...
Crowbar protection! That takes me back. I was contracted to work on a bulk petroleum tanker loading system back in the '80s. The USA-based designers of the computer part decided to add a simple backup PSU, based on their own design, with a big Dryfit lead-acid battery. To protect the micro, they fitted an over-voltage crowbar system. Unfortunately the crowbar was prone to being tripped by transients, and was connected directly across the Dryfit... Hmmmm!
Thanks
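The "second system looking over the micro's shoulder" described in the post, sketched as an added example (not code from the poster or any real controller): the supervisor's relay is wired in series with the main controller's, so it stays closed only while the controller keeps proving it is alive and its reported values are sane, and any trip latches open until a manual reset. The heartbeat format, timeout, value limits and the absence of a real GPIO write are all assumptions made here so the logic runs without hardware.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

HEARTBEAT_TIMEOUT_S = 2.0    # assumed: controller must report at least this often
VALUE_LIMITS = (0.0, 100.0)  # assumed: plausible range for the monitored value


@dataclass
class Supervisor:
    """Independent supervisor; its relay is in series with the main controller's."""
    last_seen: Optional[float] = None
    relay_closed: bool = False   # fail-safe: open until the controller proves alive
    tripped: bool = False        # a trip latches until an explicit reset
    reason: str = "no heartbeat yet"

    def on_heartbeat(self, now: float, value: float) -> bool:
        """Handle one controller report; returns the relay state (True = closed)."""
        self.last_seen = now
        low, high = VALUE_LIMITS
        if not low <= value <= high:
            return self._trip(f"value {value} out of range")
        if not self.tripped:
            self.relay_closed, self.reason = True, "ok"
        return self.relay_closed

    def tick(self, now: float) -> bool:
        """Runs on a timer whether or not the controller is talking."""
        if self.last_seen is None:
            return False                      # not yet alive, but not a fault either
        if now - self.last_seen > HEARTBEAT_TIMEOUT_S:
            return self._trip("heartbeat timeout")
        return self.relay_closed

    def reset(self) -> None:
        """Manual reset: clears the latch; a fresh heartbeat is still needed to close."""
        self.tripped, self.reason = False, "reset, awaiting heartbeat"

    def _trip(self, why: str) -> bool:
        self.relay_closed, self.tripped, self.reason = False, True, why
        return False


def run(events: List[tuple]) -> List[Tuple[float, bool, str]]:
    """Replay constructed ('hb', t, value) / ('tick', t) events; returns (t, closed, reason)."""
    sup = Supervisor()
    trace = []
    for ev in events:
        state = sup.on_heartbeat(ev[1], ev[2]) if ev[0] == "hb" else sup.tick(ev[1])
        trace.append((ev[1], state, sup.reason))
    return trace
```

With the series wiring, either system can stop the process but only both together can run it, which is the point of keeping the supervisor small and independent.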