I don't use Siemens for safety, although we use it for normal control.
We have decided on Pilz safety PLCs.
One reason is that when the decision was made was that S7s did not have pre-programmed safety functions like the Pilz did. For example, the pre-programmed safety functions could handle E-stop push buttons, light curtains, safety gates, monitored safety contacts and other devices. With these, there is a much lower chance of stuffing up.
I believe the S7 now has some of these types of functions available.
As to the difference between normal programming and safety programing (my point of view only):
1, Messing up safety can kill someone, messing up normal programming usually only results in damaged machinery.
2, Safety devices need a higer level of monitoring and cross checking, so you need a good method of programming to ensure you don't accedently leave out any of these (Hence why I prefer pre-written safety functions to roll your own)
3, You must ensure that only authorised persons can modify the safety code, and not without permission. I would not even allow myself to modify safety code without the permission from management, and I believe I know what I'm doing.
Above all, know your local standards, and know how build hard wired safety circuits before you start playing with a safety PLC.
Hope this helps,
Doug