When the European Space Agency designed the Ariane 4 rocket, it allocated 16 bits to a variable relating to its horizontal velocity. This variable was only used during the first minute of flight, and engineers computed that it could not possibly overflow given the launch profile Ariane 4 used. Because of this and limited processing power, engineers omitted an overflow check. This worked fine, and Ariane 4 would go on to launch successfully 113/116 times (97%).
Ariane 5 used a different launch profile. The impossible was now possible and the 16-bit value overflowed. The inertial reference system failed, along with its backup (which was running the same code), causing the rocket to receive wrong data.
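The failure mode the comment above describes, as an added example in C (not code from the Ariane software or from the commenter): a wide floating-point value is narrowed into a 16-bit slot with no range check, beside the checked conversion that was omitted, and a "can this profile ever overflow?" scan over a constructed sample profile. Function names, the sample profiles, and the `main` driver are assumptions made here for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Emulate storing a wide value into a 16-bit two's-complement slot with no
 * range check: the value is reduced modulo 2^16 and reinterpreted as signed.
 * Written out by hand because a direct out-of-range float->int16_t cast is
 * undefined/implementation-defined in C. Assumes |v| < 2^63 so the
 * intermediate int64_t cast is defined. */
int32_t narrow_unchecked(double v) {
    int64_t whole = (int64_t)v;                               /* truncate toward zero */
    uint32_t low = (uint32_t)((uint64_t)whole & 0xFFFFu);     /* keep the low 16 bits */
    return low >= 0x8000u ? (int32_t)low - 0x10000 : (int32_t)low;
}

/* The check the original code omitted: refuse anything outside int16_t.
 * The negated comparison also rejects NaN, which fails every ordered compare. */
bool narrow_checked(double v, int16_t *out) {
    if (!(v >= (double)INT16_MIN && v <= (double)INT16_MAX)) return false;
    *out = (int16_t)v;   /* now provably in range, so the cast is well-defined */
    return true;
}

/* "Could this ever overflow for this launch profile?" as a function:
 * returns the index of the first sample that does not fit, or -1 if all fit.
 * This is the analysis that has to be redone whenever the profile changes. */
long first_unrepresentable(const double *samples, size_t n) {
    for (size_t i = 0; i < n; i++) {
        int16_t tmp;
        if (!narrow_checked(samples[i], &tmp)) return (long)i;
    }
    return -1;
}

int main(void) {
    /* Constructed sample profiles (hypothetical units), not real telemetry. */
    const double profile_a[] = { 0.0, 1000.0, 20000.0, 32000.0 };
    const double profile_b[] = { 0.0, 1000.0, 40000.0 };
    printf("profile_a first bad index: %ld\n", first_unrepresentable(profile_a, 4));
    printf("profile_b first bad index: %ld\n", first_unrepresentable(profile_b, 3));
    printf("40000 stored unchecked reads back as %d\n", narrow_unchecked(40000.0));
    return 0;
}
```

The unchecked path silently turns 40000 into a negative number of the wrong sign and magnitude; the checked path turns the same input into an explicit failure that the caller must handle, which is the behaviour a safety-critical system wants when a precondition from the previous design stops holding.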
At the same time, adding big uppercase warnings to the Ariane 4 source code and architecture docs might have prevented this.
So it is important, in safety-critical code, to assume that others might blindly copy-paste in bad ways, and then try to warn them, even though you might not be there any longer.
This sounds distressingly similar to the Therac-25 failures. A radiotherapy machine whose software was (blindly?) copy-pasted from a previous version of the system, which had hardware interlocks to prevent unsafe configurations of the radiation emitter.
The new one did not have these interlocks, instead doing everything in software. The result of this was that a few people were fatally irradiated when a certain race condition was triggered.
Eminently reasonable: dispensing with memory management (allocate/gc) for an embedded real-time missile guidance system. It may even have had a static memory layout, which likely further improves performance.
Presumably, the RAM was a rounding error in the total budget.
And this move eliminated an entire class of bugs (use after free).
edit: And, you don't have to worry about memory fragmentation, or how long free() might take in the worst case.
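The design the comment above argues for, as an added example in C (not code from any guidance system or from the commenter): all storage is a fixed-size static array decided at build time, there is no heap, acquire and release are bounded-time operations with a worst case known up front, and handles carry a generation counter so a stale handle (the embedded equivalent of a use-after-free) is detected rather than silently reading reused memory. The `track_t` record, `MAX_TRACKS`, and the function names are assumptions made here for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

#define MAX_TRACKS 4   /* capacity fixed at build time: storage is a static array, no heap */

typedef struct { double x, y, vx, vy; } track_t;          /* hypothetical guidance record */
typedef struct { uint16_t index; uint16_t generation; } handle_t;

/* Static memory layout: every byte is allocated by the linker, never at runtime,
 * so there is no fragmentation and no free() whose duration has to be bounded. */
static track_t  track_store[MAX_TRACKS];
static uint16_t track_gen[MAX_TRACKS];   /* bumped on release; old handles stop matching */
static bool     track_live[MAX_TRACKS];

/* Bounded scan: worst case is exactly MAX_TRACKS iterations, known at compile time. */
bool track_acquire(handle_t *h) {
    for (uint16_t i = 0; i < MAX_TRACKS; i++) {
        if (!track_live[i]) {
            track_live[i] = true;
            track_store[i] = (track_t){ 0 };          /* no stale data from the last user */
            *h = (handle_t){ i, track_gen[i] };
            return true;
        }
    }
    return false;   /* exhaustion is an explicit, testable outcome, not a crash later */
}

/* Resolve a handle; a stale or out-of-range handle yields NULL instead of
 * aliasing whatever now occupies the slot. */
track_t *track_get(handle_t h) {
    if (h.index >= MAX_TRACKS || !track_live[h.index] || track_gen[h.index] != h.generation)
        return NULL;
    return &track_store[h.index];
}

/* O(1) release. Bumping the generation invalidates every outstanding copy of h,
 * so a later use (or a second release) of that handle is caught by track_get. */
bool track_release(handle_t h) {
    if (track_get(h) == NULL) return false;   /* double release or bad handle detected */
    track_live[h.index] = false;
    track_gen[h.index]++;
    return true;
}

int main(void) {
    handle_t a;
    if (track_acquire(&a)) {
        track_get(a)->vx = 1.5;
        track_release(a);
        /* track_get(a) is now NULL: the stale handle is rejected rather than reused. */
    }
    return 0;
}
```

Capacity exhaustion and stale handles both surface as return values the caller is forced to handle, which is the point of the static approach: the failure modes that would otherwise be heap corruption or a late use-after-free become ordinary, testable control flow with a fixed worst-case cost.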