Comment by AnthonyMouse

> The obvious downside to this is that hardening code becomes a potential large amount of effort/overhead that could normally be concealed behind binaries and proprietary code.

This is not a downside, it's a benefit.

Suppose an adversarial country eventually gets access to the proprietary code. Do you want members of the public to have found and patched any obvious vulnerabilities before this point? Yes you do.