Comment by dm_

I don't disagree with the desire for more inherently secure architectures, but I don't think it's the most relevant issue here.

You're always going to have to trust some core same-privilege code--a browser renderer is a great example of this: it has to be able to see the entirety of the DOM it's rendering, right?

Higher-level languages can still help code review--for example, memory safety makes it harder to hide a backdoor via unsafe memory operations leading to code injection. But you're still, fundamentally, trusting these community contributions.

I think the real problem (as others noted here) is that:

- writing code is now much, much cheaper than ever

- understanding and designing code is still fairly expensive

So doing the former (in the form of a PR that compiles and passes CI) is not a good "staking mechanism" to prove someone has done the latter.