In #22054 the check for the protection of the datadir was moved to check if the .ocdata is accessible via the internet.

Checking if the .ocdata is not accessible is no proof if the datadir is protected. Most webserver setups out there are denying the access to those "dot" files by default. There is no guarantee that the datadir is protected by the assumption that the .ocdata is not accessible.