Hello, Thanks for the explanation. It is a bit more relaxing. As for current concerns - upon a bit of thought i see it as concerning if the current implementation doesn't warn the user when it is enabled.
This can present issue in auditing or false negative result in case of supply chain attack/lookalikes or a vendor obscuring insecure app design. of course this will depend on the complexity of the auditing software but in cases such as containers or ready made appliances they already quite hard to audit from that angle and ease the auditing process will be welcomed Daniel.
