its because they're worried about _their_ vulnerabilities being patched with a prompt as simple as 'fix this code'

i'd love to see the research paper with the CVE's and 'delibrately planted vulnerabilities', I bet we could infer relatively accurately where some of these things lie