can we just skip the code review meetings where someone's going to point out that our 'hacky' one-liner is vulnerable to SQL injection instead of just opening a pull request to fix it??