this is a big deal for me, as someone wrote some private frameworks that are signed with certificates with my team id that I can't revoke, and I didn't write that code, it's malware. Deverloper support just ignores my pleas to revoke the damn things.

security by obscurity?

It matches their repair policy of refusing service for nicotine contamination without actually verifying or testing that a contaminant is actually nicotine, so what's the problem?