It should be safe with shell=False, because arguments are quoted by shlex.quote and parsed by shlex.split, it’s a useful syntactic sugar for shell-like scripts. I agree that it should be clearly documented that subprocess.Popen with t-strings uses POSIX shell syntax even on Windows.
On the other hand, it is indeed unsafe with shell=True on Windows. shlex is designed for POSIX-compliant shells, while cmd.exe has its own chaotic syntax. Here are some discussions about it: Why is subprocess.list2cmdline not documented. IMO making shlex to support cmd.exe or powershell is definitely out of scope of this PEP.
Should we add a runtime check such as:
if os.name == "nt" and shell and isinatance(args, TemplateLiteral):
raise TypeError("t-string is not supported with `shell=True` on Windows")
or just warn about it in the documentation and leave it to linters? It may be a footgun on Windows, so I personally prefer the former.