You can do an awful lot to make a device like a microwave safe with loads of failsafes...
But rarely do those failsafes protect reliably against 'the mainboard was splashed with salt water'.
Even with triple redundant relays, how do you know the salt water didn't just wet them all?
I noticed when tearing down an old microwave for salvage that the light bulb was part of the power circuit. If the bulb burned out, so did the microwave.
Reminds me of a comment from a previous time this story was posted here:
https://news.ycombinator.com/item?id=41509748
In almost every system with failsafes there will be conditions that can bypass them. The goal is not to make it impossible for the unsafe condition to happen, but to make it so that in the expected uses the failure will not happen.
In this case it's a domestic microwave and the mainboard is housed inside the electronics enclosure, so covering the whole mainboard in salt water is not an expected occurrence in a domestic kitchen.
But there are ~1 billion microwaves in the world... I'm sure it has happened somewhere. As a designer of a billion-sold device, your job is to make sure that the expected number of people harmed by your device is substantially less than one, which gets really hard when all the risks are multiplied by 1e9.
In that situation one of the switches should short the mains voltage and blow the fuse when the door is opened.
> Even with triple redundant relays, how do you know the salt water didn't just wet them all?
The design typically includes a mix of normally open and normally closed switches. If everything failed in the same direction (closed) it wouldn't satisfy the failsafe.
If you're spilling conductive liquid on the board, it's going to blow fuses anyway. It's more likely to short to ground than to short only to the precise path needed to activate.