I disagree here. You don't want to allow people to review their own code. That defeats the purpose of a review. No matter if he's a superstar, have someone else look at his code so that he doesn't get sloppy with security practices.

And if you allowed this, then more borderline superstars would want the same privilege.

In scientific publishing, even if you're the editor in chief, your paper gets reviewed by someone else and the whole decision process happens away from your eyes; this is good for science.