"Also, is it safe?"
I don't believe it's ever safe to give anyone your passwords for anything. I don't care if you worship the wordpress guys, I still wouldn't do it...
As soon as you give away your password, all the accountability goes away. Everything that happens from then on becomes your fault automatically.
I don't believe the upgrade feature should even offer the option. If it can't do it without your FTP details, it should fail and make you upgrade normally.
Most users don't care about handing over their ftp logins, but responsible computing dictates that we shouldn't ask for it, even if people don't mind giving it away.
A nice little error message like "I'm sorry, the automatic upgrade cannot be performed. Please contact your host to enable suPHP." is informative and puts the onus on the host, where it belongs.