thank you for this, I have a follow up question: Now an attacker can not install an old, vulnerable version. But couldn't they just install a new, vulnerable version? Is there something that enforces encryption key deletion in one case and not the other?