> Any user with "interface administrator" status can change global JavaScript or CSS for all users on a given Wiki with no review.
True, but there aren't very many interface administrators. It looks like there are only 137 right now [0], which I agree is probably more than there should be, but that's still a relatively small number compared to the total number of active users. But there are lots of bots/duplicates in that list too, so the real number is likely quite a bit smaller. Plus, most of the users in that list are employed by Wikimedia, which presumably means that they're fairly well vetted.
[0]: https://en.wikipedia.org/w/api.php?action=query&format=json&...
There shouldn't be any interface admins as such. There should be an enforced review process for changes to global JavaScript so stuff like this can't happen.
I'm sure there are Google engineers who can push changes to prod and bypass CI but that isn't a normal way to handle infra.
There are 15 interface admins as per these links
https://en.wikipedia.org/wiki/Wikipedia:Interface_administra...
https://en.wikipedia.org/wiki/Special:ListUsers/interface-ad...
Those are the English Wikipedia-only users, but you also need to include the "global" users (which I think were the source of this specific compromise?). Search this page [0] for "editsitejs" to see the lists of global users with this permission.
[0]: https://en.wikipedia.org/wiki/Special:GlobalGroupPermissions