Filtering for opinionated developers who proritize their political views and arbitrary moral compass over company policies sure sounds like an interesting strategy when it comes to handling sensitive PII.
I think you're reading into it too much and injecting politics. I don't know how else to describe it without de-anonymizing other than "it was actually bad and the PM who came up with it did a bad job designing the fraud cases".