Ideally, anyone running production code involving computers that handle money (even if the code itself doesn't) should review any libraries and fully understand what they are doing before importing them. I would also hope they wouldn't use any code, period, that relies on downloading content from an unaffiliated third party, as these libraries were doing.