Security people will just move the goalposts to "we assume the actual chip has backdoors that aren't present in public source code".