Thank you, Lukas. I think this is my best option, even if it means having to keep patching Piwik after every version update.
I am a little surprised that this issue has not been prioritised earlier on. In some environments it would be considered a significant security vulnerability.
I wish I had the skills for creating the tests that apparently held up this otherwise useful piece of work from becoming part of Piwik accepted core. I wonder if creating those tests is so hard that no one on the Piwik team is capable of doing them. Maybe a clear, step-by-step guide how to create such tests would help?
In any case, many thanks for your kind comments, which are much appreciated.