Well, if you see the issue where this was enabled, the author had it originally disabled for security reasons so it's not that he's unfamiliar with the reasons why one shouldn't have it enabled. He did it on request from a user while knowing the security risk so that means it's less likely that he's made mistakes so much as yielded to users. And the latter thing is a lot easier to solve.