Re: Safe until ...
"A The new backup overwrites the old backup with new encrypted files."
This is why you have a GFS (or more generations) strategy.
I use 4 gens per year, with intermediate monthly differentials and (at least) daily incrementals, and a retention period ranging between 18 months and 5 years, with a backup package (Bacula) that allows me to pinpoint any file on any tape _AND_ its SHA256 checksum at the time of backup (so I can tell _when_ any given file changed before I even open the data safes)
When the tape _drives_ cost £12,000(LTO6) to £20,000(LTO8) apiece, the cost of tapes is in the noise.
"B. Someone walks off with the tapes."
2 * https://www.phoenixsafe.co.uk/product/data-commander-ds4623e/ here and demand for a third one if I can find the space. (They're about £6500 apiece, delivered and stuffed with drawers instead of shelves. DON'T take the shelves option, you _will_ regret it)
See #1 above. All those tapes take volume. You can put about 1850 LTOs in each one of these babies
"C. Those old tapes in the cupboard? They're old just throw them out."
See above. Your bigger problem is making sure that older LTO archives are migrated to new media within 2 _drive_ generations, or they become unreadable. Again, a decent backup system makes this straightforward.
"D. The offsite server location caught fire?"
See above
"E. Miscreants learn how to infect the Scalar i3 tape library with ransomware"
See A (This is a risk for any backup system, but you don't use the same OS on your backup server as everything else do you?)
"F. Restores are carelessly done to a system still infected."
Restores in this kind of situation are generally bare metal.