As a developer as well as end-user, and as someone who works
at a company that leverages FOSS, s/w obtained from the ASF
has always been "safe" in that there were always expectations
related to the s/w... one of which, as I have phrased it
before, is that it is "brain dead easy", legal-wise, to
consume it; that there's nothing in there that would cause lawyers
to get itchy.
Inclusion of non-OSI approved licenses make lawyers itchy.