"The app is compiled to a binary, which means you have to be an expert at reverse engineering to be able to de-compile the app."
It just means that nobody has written automated tooling to do this. The procedure is super easy and the implication that there is any security benefit to the way Tauri bundling works is fundamentally flawed.
I agree with your last point, no, sorry, reverse engineering machine code back to actual, re-compilable source is not at all straightforward. Hex-rays has been trying to do this for ages and still doesn't get things right
With Tauri, the backend with all the non-UI logic is Rust, so you can't just magically spit out source code from the binary. With Electron, the non-UI logic is NodeJS, so you can extract bundled Javascript. Bundled Javascript is much more obvious than machine code.
It just means that nobody has written automated tooling to do this. The procedure is super easy and the implication that there is any security benefit to the way Tauri bundling works is fundamentally flawed.