Maybe we read different posts, but I didn't get anything like an implication that the author of py-crypt intentionally sabotaged it. What I got was more of a "I'm not taking anything for granted because that would be a good attack vector."

I'll leave the rest of the analysis as to the effect of the problem to your much-more-knowledgable hands.