Because it might not be the developers doing the deploying, but a malicious actor?