
The author says "I refuse to believe they’re unaware of this. This doesn’t feel like an oversight, it's either a deliberate design decision or they just don't care." Agree that this is an uncharitable way of looking at it.


Yep. It’s just working backwards from some pre-existing very negative worldview.


It's a justifiable worldview. I'm an Indian dev and I've seen obvious backdoors like these added to the backlog as a low priority bug. If somebody spends time on this, that means features are being delayed and you are rewarded less.

I've worked in lambda web editor (not in Git) and my lead considered replacing SQL injection with parameterised queries a distraction/insubordination. Can't wait till audits, data breach insurance and imprisonment become the reality.


Could be as simple as no auth in debug builds and then they deployed it by accident.


I don't mean to pick on your comment, but to respond to a prior comment, you are beginning with a very positive world view and interpreting the events from there.

Lazy API that did not vet a simple backdoor?

Good coders but accidentally pushed the debug version of the API?

I am going to have to say the second option feels less likely (yes, I have been called cynical).


Different confs in the same repo. Many CI/CD tools will pick debug/dev conf by default if nothing else is set.

It was just an example. Maybe they knew.



