Depending on the ... criticality (wow, apparently this is an actual word) of the form, you could disable the security token.
I don't particularly recommend it unless it's a search form or something like that though.

I take it Safari is actually submitting the SecurityID?
Because looking at the code it suggests that perhaps it's not. http://api.silverstripe.org/3.1/source-class-Form.html#281 ($vars being http://api.silverstripe.org/3.1/class-SS_HTTPRequest.html#_requestVars - ie, everything submitted)

If by 'similar' you mean it's showing the other error (timeout), you're either taking too long to fill out the form, or perhaps the session timeout is set too low for your needs (eg, when the form is huge). The only easy way around that is to increase the session timeout for that site.

Thanks @Nightjar, I realised after posting that I was sending the SecurityID as hidden field for some silly reason and it must of been causing a mismatch.

Would be cool to get a more descriptive error though (if in dev mode).

Myles,
1) Why are you working so late?
2) Hidden field shouldn't matter, as hidden fields are still valid for submission. Unless because it's late you meant disabled, then yeah, that would be a bit silly.
3) Yeah you're probably right. Submit a pull request! :P