True, but you'd be surprised how much you can tighten up a codebase by asking a heftier model to do a security review and suggest fixes.
At what point do people really know if it has been tightened up if they never look at the code?
At what point do people really know if it has been tightened up if they never look at the code?