Prevents configuring the 'Data modification API' (convert_data) setting
to use files located within the $CFG->dataroot directory as it exposes
the site to security risks.
It has never been guaranteed that settings.php would always be included
from inside the core\plugininfo\auth::load_settings() scope only.
Alternative fix would be to use $plugininfo->name but I think it is
better to be explicit here (same as we are explicit with setting names,
strings etc).