While both of those are possibilities, they are unlikely for other reasons. The first because for both the mad hacker and the terrorist, introducing a flaw that will fail someday isn't terribly productive. No thrill in it for the hacker, and no sense of immediacy or attack in it for the terrorist. In the case of the medical implant, there's no competent medical device manufacturer that would just go without continuous testing their product because they trust their printing process. Like the pillar, no sense of immediacy for the perpetrator as well.

Also, if someone is getting into your facility with hard copies of malware to put on your machines, you have a bigger problem than the malware itself. The Stuxnet attack on Iran's nuclear lab was carried out by a professional and highly competent national spy agency (no points for guessing which one, we don't need politics in here).