That is accurate, and is an unfortunate consequence of dero having taken the code closed-source, which was just shortsighted and unnecessary. That action irrevocably shifted things from a "trust in the code" situation to a "trust in the team" one. Which itself is fine, so long as a person has a clear understanding that this is what they are doing.
Shockingly, we are in at least partial agreement. In an earlier post to this thread I basically said you can have anonymous devs or closed source but not both.