Removal of the download link, or an extension to re-enable it, isn't about whether or how recovery from a trashed board will occur.
The change was to make information disclosure, or breach, more difficult than "one click, done."
If someone attains or attempts to misuse administrator backup or founder permission, they can't just "click, now I have 100% of your user information, private communication, and all other database information to peruse at my leisure." Now they would have to compromise the actual hosting account too, in order to attain that level of access.
Yes, the rogue admin still has "lots of access" in phpBB, even without the download link. But now they would need to script something to scrape each and every account information page, and/or each and every public message, over multiple hours or days in order to achieve the same information capture that the "download" link provides in one shot. And they still wouldn't have access to things even founders don't have access to, such as Private Messages, without database access.