That is why I said "risk". Though the models are pretty good "if" you ask for security audits. Notice I didn't say you could do it without technical knowledge right now, so you need to know to ask for security review.

I have friends in security on major platforms who are impressed by the security review of the SOT models. Certainly better than the average bootstrapped founder.

For a few years maybe, but I see little reason to think this stuff won't be coming for their jobs as well.

True, but you'd be surprised how much you can tighten up a codebase by asking a heftier model to do a security review and suggest fixes.