The lack of a 100% guarantee is entirely the problem.
replyIf you get to 99% that's still a security hole, because an adversarial attacker's entire job is to keep on working at it until they find the 1% attack that slips through.
Imagine if SQL injection of XSS protection failed for 1% or cases.
Even if they get it to 99.9999% (ie 1 in a million)
replyThat’s still gonna be unworkable for something deployed at this scale, given this amount of access to important stuff.