The workaround is to make a separate local Swift package that has no unsafe flags, which depends on the unsafe local package. And then import that, into yr xcproj's. As mentioned elsewhere you may need to @_exported import the wrapped, unsafe one in a shim file of the save one.
Hopefully they patch this, because it feels like an ugly hack, but at least there's a workaround.