I mean, the developer showing he’s willing to create a security vulnerability in his own code may hurt adoption of his library. I would take it out of any of my code bases on principle alone.