1) the code AI produces is full of problems, and if you show it, people will make fun of you, or
2) if you actually run the code as a service people can use, you'll immediately get hacked by people to prove that the code is full of problems.
2) there are plenty of services which do not require state or login and can't be hacked. So still plenty of use cases you can explore. But yes i do agree that Security for production live things are still the biggest worry. But lets be honest, if you do not have a real security person on your team, the shit outthere is not secure anyway. Small companies do not know how to build securely.
The Cloudflare OAuth lib is impressive, I will readily admit that. But they also clearly mention that of course everything was carefully reviewed, and that not everything was perfect but that the AI was mostly able to fix things when told to. This was surely still a lot of work, which makes this story also much more realistic in my opinion. It surely greatly sped up the process of writing an OAuth library - how much exactly is however hard to say. Especially in security-relevant code, the review process is often longer than the actual writing of the code.
Forgive me if this is overly blunt, but this is such a novice/junior mindset. There are many real world examples of things that "worked" but absolutely should not have, and when it blows up, can easily take out an entire company. Unprotected/unrestricted firebase keys living in the client are all the rage right now, yea they "work"until someone notices "hey, I technically have read/write god mode access to their entire prod DB", and then all of a sudden it definitely doesn't work and you've possibly opened yourself to a huge array of legal problems.
The more regulated the industry and the more sensitive the business data, the worse this is exacerbated. Even worse if you're completely oblivious to the possibility of these kinds of things.
I have seen production databases reachable from the internet with 8 character password and plenty others.
But my particular point is only about the readability of code from others.
Unfortunately the reality is there are far more applications written (not just today but for many years now) by developer teams that will include a dozen dependencies with zero code review because feature XYZ will get done in a few days instead of a few weeks.
And yes, that often comes back to bite the team (mostly in terms of maintenance burden down the road, leading to another full rebuild), but it usually doesn't affect the programmers who are making the decisions, or the project managers who ship the first version.