On the Role of Latent Design Conditions in Cyber-Physical Systems Security