Sure, but are there others who did not get caught? Others who might be better at obscuring their changes? And who might first develop a history of good, secure work, and then slip something sketchy into one -- and only one -- patch?

Seems like the UMN "researcher" was doing this over and over; the more times you do it, the more likely you are to get caught.