EIP-7702: Set EOA account code

I elaborated on the GitHub query this morning.

To validate my concern, I spent some time digging in and discovered a repo which I think would become vulnerable as a result and is deployed on Ethereum:
https://etherscan.io/address/0x0000000000b1827b4959F2805E4b480D8799FCbB#code

Their public method originate internally calls _callCustody, which reverts based on the user-provided custodian field, which is checked via extcodehash.
With 7702, an adversary could temporarily delegate to make it look like they are a valid custodian; inside originate, the transferSpentItems method would send assets to the adversary's EOA.

I found some more later:

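As an added illustration (constructed for this thread, not the code of the contract linked above, and not from the EIP authors), the fragile pattern the post describes is shown next to a hardened alternative. Contract, function and variable names are assumptions; the delegation-designator check assumes the final EIP-7702 semantics, where reading an account's code with EXTCODECOPY returns the 23-byte designator 0xef0100 || address rather than the delegated contract's code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example of "identity by code hash" versus "identity by address".
// Names are assumptions and do not match the contract discussed in the thread.
contract CustodyCheckExample {
    // Fragile: under EIP-7702 an EOA can carry delegated code, so "presents
    // the trusted code hash" no longer implies "is the trusted contract".
    bytes32 public immutable trustedCustodianCodeHash;

    // Hardened: an explicit allowlist keyed by address, maintained by an admin.
    address public immutable admin;
    mapping(address => bool) public isCustodian;

    constructor(bytes32 trustedHash) {
        trustedCustodianCodeHash = trustedHash;
        admin = msg.sender;
    }

    // Only the admin may register custodians, and a 7702-delegated EOA is
    // refused outright: its code is the designator 0xef0100 || address
    // (assumption: EXTCODECOPY on the authority returns that designator).
    function setCustodian(address custodian, bool allowed) external {
        require(msg.sender == admin, "not admin");
        require(!isDelegatedEOA(custodian), "7702-delegated EOA");
        isCustodian[custodian] = allowed;
    }

    function isDelegatedEOA(address account) public view returns (bool) {
        bytes memory code = account.code;
        return code.length == 23
            && code[0] == bytes1(0xef)
            && code[1] == bytes1(0x01)
            && code[2] == bytes1(0x00);
    }

    // Fragile check: any account whose code hash matches passes, including one
    // that only temporarily looks like the custodian.
    function custodyCheckFragile(address custodian) public view returns (bool) {
        bytes32 h;
        assembly { h := extcodehash(custodian) }
        return h == trustedCustodianCodeHash;
    }

    // Hardened check: identity is the address the admin registered, which a
    // delegation cannot forge.
    function custodyCheckHardened(address custodian) public view returns (bool) {
        return isCustodian[custodian];
    }
}
```

A defender reviewing a deployed contract can grep for extcodehash or extcodesize used as an authorization gate on a caller-supplied address; that is the pattern to replace with an address allowlist.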