I suspect it's because the technical staff have already been let go or replaced with outsourced maintenance-only staffing firms, which means the non-technical leadership doesn't know whether the source code would contain damaging information.