1. Yes. A COM object does not run under the CLR. It is not managed,
therefore it is unsafe.
2. I'm not sure. Someone smarter than I am can tell you whether the
method that calls the COM object needs the 'unsafe' keyword. I know
that the code that calls the automatically-generated Interop.dll does
_not_ need the 'unsafe' keyword. However, if you're writing your own
interop, I don' t know.
3. No. .NET code that calls a COM object is managed because it runs
under the CLR (all .NET code is compiled to IL and runs under the CLR).
"Unmanaged" refers to code running native on your PC, outside the
bounds of the CLR.
4. No. All unmanaged code is unsafe. However, some managed code,
running under the CLR, can also be unsafe. This is what the 'unsafe'
keyword is for: to signal to the compiler that you know you are about
to use language constructs that may bypass security checks and are
therefore 'unsafe'.
However, all non-.NET (unmanaged) code runs native on the machine, not
under the CLR, so it cannot be subject to the CLR's security framework,
and is therefore by definition 'unsafe'.