The Metaverse envisions a future where immersive online interactions become the norm. However, this vision can only be safely realized if user safety and privacy are prioritized. This review critically evaluates existing user safety and security measures within the Metaverse. We have highlighted the limited ability of existing solutions to protect against harassment, identity theft, and the misuse of personal data collected in this environment. This research comprehensively analyzes user safety and security dimensions within virtual worlds and presents a taxonomy to classify the unique threats and vulnerabilities Metaverse users may encounter. This review reveals critical gaps, including the lack of comprehensive security frameworks and balanced privacy-preserving models in virtual immersive environments. In response, we propose a novel Metaverse Security Architecture designed with Zero-Trust principles. This architecture prioritizes user control over data, identity, and experiences. It also emphasizes proactive security measures to mitigate diverse potential harms in virtual worlds. Our research highlights the critical importance of such robust, user-centric frameworks in enabling a Metaverse that is immersive, safe, and secure for all its participants.