Sorry, I find it hard to care. You have to multiply the damage caused by the prior probability of the event occurring, and my prior of this happening is very very low. There are so many easier ways to attack people (e.g. poison a package in a language they use, or on MELPA for Emacs hackers) that I can't see this particular attack getting any use.

Security is basically a resource allocation problem. There are an infinity of attack vectors, so which ones should one be concerned about? Probably not this one.