Designing a system with safety requirements means balancing the system's safety, security and functionality (usefulness) requirements so that, while the system is adequately safe and secure, it is also useful. This paper draws on the authors' practical experience designing such systems to explore the relationships between these antagonistic requirements, and presents a simple example illustrating their implications for safe and useful system design.