It’s not a flag, the feature is part of the iCloud upload process. No upload, no scan. Of course a code change could do anything.
The point of the feature is to prevent people from using iCloud to distribute CSAM. If you’re recording it with your phone, it’s no different than using an slr camera. The cloud part is what they’re worried about.
Why flag the account and report it if the only goal is to politely prevent people from uploading? Like you say, a “code change can do anything” and we simply don’t know how the current feature is done or how it will evolve.
edit: like many comments here already say, reporting doesn’t sound terrible for CSAM, but nothing about the feature guarantees it wont be extended to other kind of content.
The point of the feature is to prevent people from using iCloud to distribute CSAM. If you’re recording it with your phone, it’s no different than using an slr camera. The cloud part is what they’re worried about.