It's not really off topic because you're hiding a super niche use case behind misleading language. e.g., You present two choices: "audit Cargo" or "copy some source files." But those aren't actually the two choices in practice, because in order to copy the source files, you actually need to obtain them first. And in order to obtain them, you very likely need to use some software to do it. And the most common pieces of software you might use to obtain said files are likely just as hard (or harder) to audit than Cargo is.

So upon further clarification, it's much clearer what your position is: "auditing Cargo myself is much harder than trusting the security of some other piece of software that has been---and continues to be---subjected to rigorous auditing by either teams of people I trust or by systematic processes that I trust." But of course, this doesn't sound nearly as nice as, "why would I audit Cargo instead of just copying some source files." Hence, it's misleading.

Once you expose your actual stance, IMO, it's pretty easy to say: "oh okay, you are in a particularly interesting niche which, while may be important, is likely not possible to serve right now. So you'll have to continue avoiding Cargo or otherwise wait until it has met your arbitrary requirements for auditing." But it should be supremely clear that the vast majority of people are not in your position. (And I suppose that would be your cue for some snarky response about how this reflects poorly on the state of software engineering.)