Yes, I pointed out that decompilation is one of the steps that needs to happen to make this into something useful. However, without a simple, hard to detect mechanism of getting your code into the process (which this sort of injection is), its usefulness is limited. By injecting into the client rather than putting code into their archives, you make it considerably simpler and harder to detect.