Okay, maybe I've changed my mind after reading this: https://ponder.cat/post/1533712
It's probably worse than I thought if some random new programmers are poking at that infrastructure as well and pushing arbitrary changes. I don't want to be in the position to clean up the mess after it fell apart. Or audit the system and rebuild it, now that it's practically compromised. Let's just hope they shoot themselves in the foot.