The blinders give you a problem in that a lot of security issues aren't at a single point in the code but at where two remote points in the code interact.
Correct. Dynamic runtime interactions will always be a hard problem as it’s hard to see in static code even for humans.