I agree that arr[at:] is the best spelling so far.
Both arr[checked:] and arr[safe:] imply that the existing unlabeled subscript is unchecked and unsafe, which is incorrect.
The existing unlabeled subscript is both safe and checked. It is safe (in the sense Swift uses the word) because it checks whether the given index is within bounds and traps otherwise.
An unsafe or unchecked version of the subscript would not do any bounds check (for efficiency I guess) and have undefined behavior for out of bounds indices.