I would prefer my builds to break than the ecosystem to be compromised.

That said, once unpublished the version should be permanently unavailable to prevent publishing over known good versions.