The client writes configuration changes directly to file (or the registry) without any locks. Two clients writing at the same time, or one client reading as another is writing, results in corruption.
We should either make things atomic (write to temp file and rename), or introduce locking.
Note that this is also partially true for known_hosts. When filtering the file, we open a temporary file and then rename it, but when just adding a key we simply open the file directly in append mode.
That might be safe enough, though, as it is very little data and is likely to only require a single write.
OpenSSH has the exact same model for adding and filtering.