This securtiy flaw impacts not just the inexperieced develoeprs though.
If serious developers are relying on closed source services they are just as suseptible despite their skill level. Again there are many ways to mask behavior from tracking and one of the most simple and extreamly effective is sporatic behavior.
Imagine this: I don’t like a developer of a game because they said no to adding something I wanted them to add. Rather than do something obvious like give myself content in their game I decide to mess with their game by updating my private module kick users randomly.
To the developer, this is just a spike in users saying they have disconnect issues. In reality it’s a bad private module they will have zero ability to identify even if they are highly skilled themselves.
Again the greater risk runs to Roblox though.