The security issue is very likely scenario. If you’re in Russia, you can go to jail at any moment on totally bogus charges. It is very easy for FSB to pressure some random kernel maintainer into adding hard to detect backdoor into their code, it will be XZ situation all over again.
Torvalds kicked out a bunch of Russia-based kernel maintainers.