I understand the idea. The point was that it isn't good enough: humans are fallible, so you still want to provide a secure CI/CD environment for untrusted external contributors.