The case law says that as long as the user has managerial control, then whether you sold a product enabling the user to take control, then as long as the developer has had no control, then the user is entirely culpable, thus the shares in the product that was sold at ICO are not a security, because there is nothing backing it. It appears you are wrong in the case that the developer steers far from any managerial control throughout the entire process.
You are, I think, attempting to thread a needle here where the "developer" is an employee or contractor for another entity where the other entity has all the control. That could certainly happen in some cases, but remember economic reality has a lot of weight, and can trump organization paperwork.
Well, if you sell a product that meets the specifications you provided to the users, and you have no control over what happens after that, then no one can claim you had control and the users didn't. They had the disclosure of what they were buying. They had the control whether to buy. They had the only control that anyone had over the tokens after the crowdfund ICO. As long as the lead dev exerts no position of increased control as compared to any other users after delivering the product as specified, then he has had no control.
In other words, the lead dev must cease to have any control once the sale is completed and the users have to decide what to do with what they purchased.
The coin would obviously need to be in testnet for a while to hammer out all of the bugs.
If the users voted of their own volition to hire a dev to make some change to the protocol via decentralized donations, that dev didn't have managerial control. Rather the users did. The other users can veto it by not adopting the new protocol changes.