The bigger problem is that it's relying on a convention. The RC wrapper needs to be constructed in a particular way that's easy to get wrong and that the compiler has no way to check for us.
Maybe the compiler could enforce that opRelease is truly @safe - i.e. doesn't call any @trusted code. Although there would still need to be an escape hatch for doing unsafe ref-counting without the overhead of a free list.
