What also just occurred to me is that governance issues don’t just affect one chain; they affect all connected parachains as well, as they have given privilege and trust to the affected chain to send XCMs over to them.
Thus, it is very important that we treat governance issues seriously. We say that Polkadot has shared security, but it does not cover the case where the attack happens within, i.e. completely within the rules and limits that the runtime code permits.
This is also a wake-up call to all parachain teams. When parachain teams decide whether or not to allow communication with another chain via opening an HRMP channel, it is of paramount importance that they trust and audit not only the other chain’s code, but the entire process of delivering runtime upgrades as well.