This is why there's maneuvering speed (VA), or turbulent air penetration speed (VB). It isn't necessary to over design it, you just slow down and, voila, the airfoil will sooner stall than break - and the stall is brief, feels like sluggishness, like a squishy slow stall, not abrupt, and recovery is similar perhaps a bit more abrupt as the airfoil regains lift.

Sure, as long as the gust is mostly vertical (usually true), and you're able to maintain below Va. All of the up and down motion in a serious thunderstorm can easily cause you to exceed Va or even Vne. Many aircraft have broken up in flight because of this. Now it could be that in many accidents, it wouldn't have mattered how strong the wing was -- eventually the speed build build up to the point where a big gust would break it, but I'm sure there are many where say an extra 50% strength would have made the difference.

Now that's also not to say that if you're going to add weight to an airplane in the name of safety that the best place to do it is the wing spar, but there is certainly a tradeoff between safety and weight.

> 50% is indeed not a huge safety margin like you'd get with a bridge or something

Safety margins for bridges are like 25-50%.

That's interesting. I know that they used to be a lot more. Perhaps we should be glad that most of the bridges we drive over were built before FEM, and they just used a lot more steel. I wonder how well a bridge designed with a 25% safety margin is going to perform when it's poorly maintained for 50 years and rusting like a lot of bridges in the U.S.

The reason this works is that the safety margins accumulate. You have a safety margin on:

* the loading on the bridge, which can be higher than the calculated amount.

* the resistance of the materials used, that can be lower than the requested amount.

* the quality of the soil,

* the lifespan of the bridge,

* ...

So the loading can be 25% percent higher, the materials can be 25% worse, the soil can be 25% worse, the lifespan can be 25% higher, ... and at the end you get a bridge that would still work if everything fails with a margin of 25%.

If the loads are 30% higher, the bridge might or might not fail. Who knows. Even though there are many other safety factors, and the bridge probably won't fail, it was not designed for that. There might be a critical part somewhere that has a resistance that's 25% worse than what it should be, and it therefore can only support a 25% overload, and with 30% that part might fail.

Bridges are designed to fail very slowly, loudly, and visibly, to avoid loss of functionality (e.g. when a bridge start to fail, this becomes obvious, and you still have months or years to sanitize the bridge).

I expect airplanes to have much tighter safety margins (<15% or <10%). The loads are more accurately known, the materials are higher quality, everything passes more extensive quality assurance tests, weight is much more important and companies are willing to pay prime prices on materials, manufacturing, etc. to reduce it, etc.

Safety margins aren't chosen arbitrarily. The job of a safety margin is to quantify an uncertainty, and with enough money thrown at each one, most of the uncertainties can be quite precisely quantified. Then it's the job of the designer to say "This plane should be in service for 50 years", and from the uncertainties and statistical analysis you can compute the highest load that the plane will receive in those 50 years with a certain quantified margin of error, and continue the design using that.