There are Static code analyzers which already would have detected that.

And these were also automatic. Looks very likely that the team didn’t give a damn about top basic security and good practices.

Like a house made of paper wouldn’t be an example of the insecurity of the construction industry.