Less well maybe but yes. Security researchers still proactively test them, and the maintainer has a much better chance of catching it themselves.