The shift to moving the Mach-O parsing from iBoot to kmutil has positive security implications. Adding a raw input option on top of that has zero additional security implications. It's a strict subset of the attack surface.
I believe parent is not talking about the security implications of the contributions themselves, but the security implications of the act of making contributions as an Apple employee. And it’s a reasonable assumption; from my (not many) interactions with Apple employees in the OSS world, they are generally very careful about doing this sort of thing, and I would be very, very surprised if at least a few managers didn't know about this beforehand.
Yes, sorry, the wording I used was misleading. What I meant by “contribution” is in a broad sense “something that helps”, not actual OSS code contributions.