It honestly never occurred to anybody to check. It's such a rock solid standard tool the notion that it wouldn't be approved and Oracle would be for some vague handwavy "security" policy reasons was not a notion that anybody entertained, not even the client PM, until we got to deployment.