Is `Strings` vulnerable to regexp injection by design?

[danon]

This usage emits a warning and reveals underlying implementation:

Strings::sprintAssoc("This is %{what}! %{what}? This is %{+}!", [
    '+' => 'madness',
]);

preg_replace(): Compilation failed: nothing to repeat at offset 3

---

And also, you can't use unquoted slash /.

Strings::replaceNth($uri, 'http://www', '', 2);

preg_match_all(): Unknown modifier 'w'

Is this by design?