I don't see the difference.

> OSS only needs someone to have a strong LLM to check for bugs.

The same applies to propietary, closed-source code. It being closed-source means that the source isn't generally available, but the executable is. Hence, someone with a strong model can still reverse it and find vulns.