Yes, I agree @tfa that it’s easier to tweak a config file than recompile with a flag. This suits us now, but is only a short-term solution. The key point here is that neither option is safe. It’s debatable about which option is safer, but ultimately its a moot point.
Longer-term we’ll be looking to make this safe regardless. That’ll probably involve a combination of changes: some of the dev options will become obsolete and get removed once they’ve served their temporary purpose; others may only (negatively) affect the vault running with those options but can be considered “safe” since they don’t affect the rest of the network (an example off the top of my head might be an option to log your vault’s throughput); others will be disallowed and enforced by the network.
Basically, the network will have to defend itself against any of these potentially harmful dev options whether or not they exist as dev options in a config file or dev options via a compile flag or not as dev options at all (i.e. an attacker modifying the code and recompiling).