No simultaneous source release, a call for users to run Linux benchmarks, and a mysterious tweet about 7Zip source code quality.
p7zip has a number of known bugs easily found by fuzzing, as it hasn't seen updates for years. 7-zip in general is a tool that is written in C and supports lots of complex binary formats and thus has a huge attack surface for memory corruption bugs.
This is all pretty obvious with some basic knowledge of how these things work.
And a bit off-topic, but have you heard of (or maybe commented on) "Bring macOS Quick Look Feature to Windows" aka "parse and preview everything"? Is it paranoia to think "how we defend against parser exploits" should be part of the tool design?
If all you care about is LZMA compression lzip is your best choice, which has a much more rational container than xz. https://www.nongnu.org/lzip/