It needs trust, that the closed source part it doesn't contain any nasty stuff. I'm not a developer, I still need to trust in peoples who can verify the open source codes, but till today all my open source choices are working perfectly fine and never f@cked me over. This can't be said about the closed source ones.
Discussion
I agree with you. In fact I always say that encryption with tpm make no sense, I have to trust a closed part and that is never good in cryptography. Never combine luks with tpm for example. With this I mean that I prefer a Linux machine with luks than a macos with FileVault + security chip. But that does not mean that macos has a good architecture and is a model to follow in many things. As I say I invite you all to try Fedora Silverblue, for me it is the model to follow for Linux. Secure Boot + SElinux + immutable system image + Flatpak
This is why there are macos alternatives popping up like airyxos and hellosystem (bsd based). Plus the apple store could make it easy to disallow programs government don't like. This page explains it much better then I can:
I totally agree with your comment, but we must differentiate between privacy and security. Is macos good from a privacy point of view? No but it is better than for example windows. Is linux in general better from a privacy point of view than macOS? Yes, it is. Is Linux in general from a security point of view better than macOS? No.
Although the latter is not very nuanced, for example a vanilla fedora is much better than a vanilla arch linux from a security point of view. But a vanilla macOS is more secure than a fedora, that's my opinion of course.