I found interesting the part about modifying the initrd image. I've done that in the past to save data from a broken system.

Just somehow never occured to me, that you can do malicious things like altering the system after the user decrypts the data.