Maybe, maybe not, but they certainly wouldn’t have included as many widespread, well known vulnerabilities with exploits already in the wild. And even if the imported code was perfect at the time it was imported, pulling in changes automatically is still an attack vector that you could drive a fleet of buses through.
Note that I’m not saying “never use libraries”, which your points seem mainly aimed at. Code reuse is great! I’m just not sold on automatic, unmonitored updates to libraries.
Note that I’m not saying “never use libraries”, which your points seem mainly aimed at. Code reuse is great! I’m just not sold on automatic, unmonitored updates to libraries.