> we do not have proof at this point that code flaws are intentionally introduced.
If it is the way it is (unsecure), what does proof of intent matter?