Module Signing Questions

That was, actually, my very first suggestion. Just generate a GPG key and ask us to sign it. We need you to sign the indemnity form that says what you do with your key is your fault, and not ours. (The wording of that is what has been causing issues, but, if you are doing it for yourself and not distributing the modules, then nothing in there could cause you any problems.)

This has 100% nothing to do with phone home. The new OOBE calls that let Sangoma offer free stuff aren’t really ‘phoning home’, but I can see how you could get that impression. It’s a single request that asks ‘Can I have any free stuff?’ and returns yes or no. This is all open source code, nothing’s hidden or obfuscated - check out OOBE.class.php in BMO (and you’ll also see who the main committer to that class is, too :sunglasses:)

That’s the whole point of the indemnification. We do NOT have any authority. All we’re doing is approving your GPG key to sign modules. You can do whatever you want with it, but, if a module signed by your key is found to be doing bad stuff, then we’ll revoke our signature on your key. That is the only time that we explicitly block a module from running. We think that if we’ve had to actually revoke someone’s key, then there’s going to be a damn good reason for it.

From there, if you wanted to re-enable that module, you’d have to delete the sig file, so the module is treated as unsigned.

People are over-thinking this. This is just a really basic, trivial way of doing a simple GPG web of trust, that’s built into FreePBX. That’s it.

Here’s the wiki page on how it all works and goes together, and even has examples of what you need to do to generate a key.