zamadatix 4 hours ago

It's relatively hard to audit a binary. You can audit the behavior of single runs, you can't nearly as easily audit the behavior of the program itself though. What if it pings only on Tuesdays, what if it does some sort of DNS reach out that's a false positive for something else you didn't realize the browser was doing, what if there are platform-specific differences in behavior.

The same goes for auditing the final executable. Open source gives two options on that: build it, trust it. The latter may seem 0 gain but, again, it is actually a big difference trying to audit a blackbox for every possible behavior vs seeing what the baseline behavior is supposed to be and looking if any differences occur in the premade binaries. There is a 3rd option: reproducible builds... but I doubt that's a reasonable goal in this case.

I'm not saying Kagi/Orion should necessarily care about providing that level of auditability, just that the response that a pre-made binary is as trustable as a binary with its source code falls quite flat.