Everyone that has used IonCube or Zend tools has most probably experienced the problem that both companies ship extensions that backdoor PHP in a way that only those extensions can be used that they consider trusted. On pages like this they claim this is another (optional) security feature. In reality it does not offer any additional security, because everyone who is able to install Zend Extensions on a server is also able to directly patch the untrusted code into the PHP installation.
The most likely real reason for these backdoors is to keep Open Source alternatives to their products away from the PHP installation.
Because of this the Suhosin extension already contains stealth loading features that are able to bypass the Zend checks. Unfortunately until today I was not aware that IonCube comes with a similiar protection that is only activated if the encoded files request it. Of course future Suhosin versions will work their way around this backdoor.
However I decided to take further actions against this kind of anti-open-source actions and will create a patch against the PHP codebase (that will also be added to Suhosin-Patch) that will introduce the concept of extension trust. The basic idea behind this feature is that the admin can give different trustlevels to extensions, so that an extension can only see those of a lower trustlevel. Additionally it will not be possible for an extension to learn it's own trust level so that the encoder backdoors cannot demand to have the highest trustlevel.
From my point of view it is really sad, that companies with a business model based on extensions and support for open source take such drastic steps against open source products.