> The surface for security vulnerabilities also gets narrower, since you "only" have to trust the LLM (which is still a huge ask, but still better than LLM + 1 random person).

On top of which, any such vulnerabilities will be mostly low value: n different implementations, each with their own idiosyncrasies, 90% of them serving one person.