Yes, this (the web code generator) was added when 3.8.7 was released:
As you need physical access to the device, the security implications are predictable.