Ideally, anyone running production code involving computers that handle money (even if the code itself doesn't) should review any libraries and fully understand what they are doing before importing them. I would also hope they wouldn't use any code, period, that relies on downloading content from an unaffiliated third party, as these libraries were doing.
Spot on target.
Far too many BTC devs seem to not care that in the end miner, proxy & pool code are FINANCIAL software and need to be vetted as such. People not only can but HAVE lost money due to bugs in it that testing would have easily caught. In other words:
test the hell out of it BEFORE going live! Ya listening, Slush/Braiins devs?