[throw0101d]

At one point (pre-HTTPS ubiquity) the NSA hacked (e.g.) Belgium telecoms via injecting malware into web response from (e.g.) Slashdot:

* https://thehackernews.com/2013/11/snowden-reveals-gchq-plant...

* https://www.aclu.org/documents/quantum-insert-diagrams

* https://en.wikipedia.org/wiki/Man-on-the-side_attack

Still state-level, but probably less noticeable than BGP hijacking.

Unless you're entering IP addresses in all your applications and code, non-SEC DNS is an unsecured link in the chain of communications.