Security Preview has embargoed code. They are made to be released and disclosed later, you can't release the patches' source codes or details under said embargo. BUT, you are allowed to release compiled binaries. It's silly. You can reverse engineer them. In fact, that's kind of why this is being done. It wouldn't be hard for people to reverse the patches from a binary-only release and turn them into source code patches. Source code patches made by others outside GrapheneOS could then be shipped in our main branch.