The network parameter notary whitelist specifies which notaries new states can be issued on. This includes both issue and state transition transactions.
If a notary is being decommissioned (whether it's full or during a network merge), it will no longer be on the notary whitelist, meaning that it can only perform notary change transactions.
If a party knows a notary's identity, it can create an issuance transaction with states assigned to that notary.
An issuance transaction with an output state assigned to a non-whitelisted notary should not verify.
The whitelist check is carried out during LedgerTransaction construction.
A malicious party can still issue a state on a non-whitelisted notary, there isn't really a way to prevent it.