So it’s a matter of training. And that’s pretty much true of Open Source security models. Think of Open Source software. Having a bunch of random people look at the code to tell you if it’s secure won’t work. If you have well-trained people who look at the code, that will work! Open Source just means you can see it; it doesn’t guarantee that the right people will see it.
The interview is much broader, and worth reading.