SQL injection is no more an issue than for any other URL.
Nobody says this is stupid, so I'll go ahead and show what I did.
Tools > Redirection
Click on "Modules"... then add to the module "404" a group named "Change 404 to Search".
This "group" is just one redirection rule.
Target URL: /?s=$1
You want this to cause a Redirect... probably a 307 is the one to use.
The rule takes whatever was given as the URL and uses it as the parameter for a site search. Because it is a redirect, the new URL goes back to the browser, who requests that page. The visitor sees the search result, which might have something relevant to the page which they were trying to reach.
However, now nothing shows in the Redirection log. Apparently this redirection takes place before 404s are logged. And of course no 404s are being actually sent to client browsers, as they're always getting redirection status codes.
I'm using the Relevantsi plugin for better searching, so now I look at its search statistics to see what people were searching for.