That's why we need to set up a community and way of working, such that no single developer is in a position to be a malicious influence. E.g. reviews, reproducible builds, community signatures to signal ability to reproduce same result, etc.
Discussion
Let me put it like this: would you rather hope to be better at hiding than someone else is at searching, or would you rather make yourself non-vital component s.t. there is no point in threatening/manipulating one individual, because one individual cannot turn the tide? Especially when it concerns artifacts/results, if trust is based on repeatable results and multiple verifiers, one person if under pressure could at best nudge.
And, fwiw, yeah, hiding can protect from other threats. I won't deny that. But making yourself a non-critical target means there is less benefit and less incentive.
For example, if 5 devs submit signatures for their locally built programs/libraries, then a github build system cannot be corrupted or produce unexpected results because none of the signatures would match.
So now an attacker would need to corrupt 5 dev computers or the public source repository (and remain undiscovered), because corrupting one dev is no guarantee.