its not that simple.
the fact you cant use it for any business of your own seriously disincentives good people from taking long thorough looks.
With a real FOSS license you can fuck around and know that if something cool comes out of it you'll be free to use it.
With the CC's license you're restricted to the set of people who will donate their time to audit.
It makes a big difference.
I'd think anyone who has the capability to review it and is considering using a ColdCard to store their life savings would be pretty highly motivated to review it. Yes, that is a very small minority of folks, but it only takes one to sound an alarm.
I do take your point that having the option to use the code for your own for-profit project would very likely attract more folks to review it, though. That said, all the alarmism about it does not generally take that kind of nuanced approach from what I have seen. Indeed, you're the first person I have seen make that point.
Most of the time it's "OMG! ColdCard isn't open souce!!?? How do we know they aren't going to rug pull us and steal all our money since there's no way to know what is running on their hardware!!??"
