I'm not sure I'll get anywhere with upstream... There's other dubious stuff in Linux PAM, too. Indeed a quick list of stuff that looks at least suspect to my mind is:-
wheel (sudo et al are a better solution)
userdb (why? Isn't /etc/passwd already a local database?)
tally (defunct)
time (obsolecent; why restrict logins to certain times in this day and age when not using time shared systems and dial up)
pwhistory (stores previous passwords ?potentially recoverably)
permit (insecure)
nologin (security risk; forces root to be special)
mail (old-fashioned and of limited use in a server or desktop today)
group (security risk; unnecessary extra complexity in addition to /etc/group)
ftp (in 2013? And it reckons it's easily spoofed in its own man page)
debug (unnecessary)
but none of that has to do with musl (although dropping time means there's less patching to do to support legacy NIS junk)...
Anyway, now I'm off-topic.