This looks like conspiracy-mongering to me.
Your complaint appears to be that Linus isn't spending his time looking at
every single commit he merges, determining if it could be a security hole,
and rewriting/rejecting it until the changelog mentions that.
Am I the only person who thinks this would be an enormous waste of his
time, and that if the changelogs don't mention such things, perhaps you
could pin the blame on the people who *wrote* the changelogs, and who
could have many reasons for not mentioning that (god knows not all crap
commit logs are crap because of some enormous conspiracy).