What exactly would you have done differently?
Cargo made its debut in 2014, a year before the infamous left-pad incident, and three years before the first large-scale malicious typosquatting attacks hit PyPI and NPM. The risks were not as well-understood then as they are today. And even today it is very far from being a solved problem.
Yet Go is half a decade older and seems to have handled the situation much better.
How does it handle better, exactly?