Could write/leave a note but any reasoning can be countered with arbitrary time travel “rules”.

Exactly. Open source means by design there are more people able to look at the code and therefore more emphasis for those interested in the code to want to make sure it works securely. You can be exploitative and try to keep your hack secret but there’s also a chance that someone else will see the same thing you saw and then patch the code with a PR. Granted it depends on how much the original developer cares about the code to begin with to then accept or write in a patch/fix for the vulnerability that someone else brings up but the example software you listed are larger projects where lots of people have a vested interest in it working securely. For smaller projects or very niche software that have less eyes and interest, open source might not be the most secure.

On the closed source side, the people who are interested in looking for hacks are the ones who are much more motivated to actually exploit vulnerabilities for personal gain. The white hat hackers on the other hand for closed source software are fewer because not having the code available openly means they have to have more motivation (ie the company offering bounties/incentives because they care about security) to actually try to work out how the closed source software works.

BIOS /UEFI malware exist too. Your suggested best practices should also factor this in. Basically if you’re being targeted there’s nothing you can do but by being aware of these risks you have a better chance to keep yourself safe.

Actually EVs collect a huge amount of information including video and audio of the participants. It’s a huge privacy issue regardless of manufacturer country but you obviously should distinguish the difference between a foreign country collecting information on your citizens compared to your own. Neither is good but one clearly has more authoritarian tendencies and less scruples about finding and coercing compliance with any means at their disposal.