This is a vulnerability in the same sense as someone committing a secret key in the front end.

And for enterprise, they have many tools to scan vulnerability and malicious code before going to production.