On Monday, July 29, 2024, Henry Miller via Std-Proposals wrote:


What are the security implications of this?  Both having an interceptor function at all, and having one that doesn't call the intended function. Is there any way, on any implementation, that this provides an attacker a hole they can use to break into an otherwise secure system?  (possibly, having already broken in, raise their permissions?)  Remember you are answering for all systems, including future systems that don't exist yet, and all attacks, including ones that don't exist.  In many existing run in a specific context, so installing an interceptor function may be a way to get the permissions of a function called from a different security context.  (that is, install the interceptor, then wait until code in a different context runs)



I'm not trying to make possible anything that isn't already possible by writing assembler.