I meant that using burner addresses like the bitcoineater one, no one really knows if someone possesses the private key to it or not. you don't expect that anyone knows it but you don't know exactly how they came up with that address so you can't really say for sure.
Then that is a different argument than "cracking the address".
You are right, there is no proof that the burn address is not-generated using a private key regardless of how unlikely it is. But that is still not called "cracking" since the creator would already have the key.
But why is someone using a legacy address to hold that much BTC?
Because it is 100% secure as long as the key was generated correctly (used a strong random generator) and kept safe.
Lose your private key or if someone else gets your private key, it's all gone.
Nobody can "get your key" as long as you are protecting it correctly. Besides if you are incapable of protecting one key, you are not going to be able to protect multiple either.