[cryptonector]

I agree about monkey patching (but not code injection).

> As I said, there was no documentation.

Well, there's your problem :)

> Or you might get sued for non-compliance with the GDPR.

Non-sequitur. That's just an argument that your lawyers need to be involved in matters of data retention.

> malicious feature

That's utter nonsense. If it was "malicious", it would have been removed by now. All the evidence says that they are useful.

What next? No foreign keys? Those are typically implemented as internally-generated triggers. That must make them Doubly-malicious, or something.