Re: Why is Wireguard in the kernel?
Why wouldn't you want it with the rest of the networking code? It's a module, so you can easily remove it. But I'm not sure security is as much of a problem here than reliability which you want above almost everything in the kernel to stop errors bringing the whole thing down.
And, given that this is not a "new" thing, which you probably wouldn't want in the kernel until all the tyres have had a proper kicking, this is really more about the process: getting other developers in earlier before the code drop would have prevented a lot of problems happening and is one of the main benefits of open source development.
And don't forget the risks attendant with all those binary drivers that hardware manufacturers continue to drop.