Arguments and use cases for and against Qubes

I have been going around making an argument that roughly goes something like:
“If you 1) care about not having backdoors and 2) run a bunch of un-audited code then you should use Qubes because without Qubes those are mutually exclusive”.

This argument is not precise or technically true, but gets my view across pretty well.
I tend to make this argument to developers, and since basically every single person cares about not having backdoors and since developers run a bunch of un-audited code, I personally believe all developers should basically run Qubes.

However, I’m looking to explore counter-arguments to this. The most obvious one I can think of is that there is a bunch of “un-audited” code that a lot of people feel very comfortable running. Most standard Linux distributions are un-audited from the perspective of the runner, but they trust that the maintainers of the distro audit for them.
If someone responded to me and said “well I run a Debian server for my web service and that seems totally fine” I think I wouldn’t have much of a comeback to that.

I’m curious what you guys think of my argument. Good? Bad? Too simple?
Please come with counter-arguments and nitpicks as well as arguments you yourself think are stronger or alternative.

1 Like

When you run a bunch of un-audited code, you’ll never be sure of not having backdoors.

> I have been going around making an argument that roughly goes something like:
> “If you 1) care about not having backdoors and 2) run a bunch of un-audited code then you should use Qubes because
> without Qubes those are mutually exclusive”.

Since it is indeed neither precise nor true (like you’ve said), it
doesn’t play the role of an argument. It’s a way to ask how we feel
towards “un-audited” code (it would be good to better qualify what you
mean by that) and how we manage it.

In my view, it all boils down to chains of trust. That is, people hear
your reasoning and are led to think how much they trust Qubes’ devs. I
think one can make a strong case for their trustworthiness, but not that
they’re the only trustworthy devs around. So your conclusion that
everyone should be using Qubes doesn’t follow from that.

You could perhaps argue that trusting Qubes’ devs buys you something
different, which is a mitigation in how much trust they must put in
other devs (for you can run their code in an offline VM, etc.). This is
of course relative to each use case.

2 Likes