strcat is unsafe because it doesn’t check the length of the destination buffer. This can cause the function to overflow the destination buffer when the input buffer is unexpectedly long, leading to security issues and application instability.
strcat_s are safe alternatives to
strcat. Note that these all handle the issue of tracking the remaining buffer length for multiple concatenations differently, so it is important to read the documentation carefully before using any of these functions.