That's not to say that we shouldn't have verifiable builds (we totally should), but if we follow this line of logic we will never be able to call anything secure. By the time we have verifiable builds we will have identified other security risks that also need to be addressed.
Apps like Riot are secure compared to the majority of alternatives available today. Arguably we shouldn't use a binary term to describe that, but I'm sympathetic to the idea that consumers think in those terms and that it's not too harmful to use them. Other metrics typically don't see this kind of feedback (for example, you hardly ever see anyone complaining about someone marketing their app as 'fast', even though performance is also not binary).
Even better if these claims could be backed, if not by a formal proof, at least an informal definition of these terms as used in the claim and reasonable justification as to why the models being promoted would not tend to collapse into greater centralization, weaker security over time.
You make a very interesting point about recognizing whether the tendency of a group coordination model is to drift toward one of the poles of centralization over time (not sure I follow that same reasoning with regard to security though).
This comment would have been much more relevant had it been made in the other story about making efficient decisions in a flat hierarchy.