But even if a program hard-codes the library name (instead of *LBIL)
you could easily replace the security service program with one of
your own, and bypass security that way.
You could even rename the existing srvpgm, put your own code in it's
place, and have your code call the original one.