I think it's also possible that some of those safeguard provisions were left out of the software so that in case the malware was detected, it could have been attributed to standard hacker groups as opposed to German government organizations who play within a specific set of rules and regulations. Obviously, this plan failed and it has been identified as government-sponsored malware.
A standard hacker group would have working safeguards in order to remain in control. Nobody wants his carefully created botnet taken over by someone else.
Obviously each group would try, but that doesn't guarantee perfect success every time. Afterall, if every botnet were perfect, then they would never be discovered by researchers and taken down by authorities.
There is a significant difference between identification of a botnet and listening into communication, controlling it or even taking it down.
Especially the latter can be impossible to do legally if you don't manage to shut down however is controlling it.
In any case this doesn't matter because the government would have to put these safe guards in place. They cannot not implement them simply because someone might suspect the government behind it if it is detected.
