I assume its debatable who's additional at fault. I might argue a logging library that executes the log entries as code is a hell of the footgun. The record of hackers exploiting insecure printers is pretty rich. A few years ago, for instance, one of them produced printers spit out https://prohactive.com