That aside, this hole could be useful in a situation where Party A wants
to help Party B compromise a system without leaving a paper trail. Party
A trojans an ssh client binary, Innocent Bystander C does an ssh
connection somewhere, and Party B sniffs the cleartext traffic. No
evidence to point to Party B. If instead Party A trojaned the binary to
send Party B a carbon copy, and a white hat could extract this, then Party
B is implicated.