Rebuilding and running tests on that amount of packages every time there's a security update in a dependency is completely unsustainable for Linux distribution as well as the internal distributions in large companies.

I worked these systems in various large organization and distros. We did the math.

On top of that, delivering frequent very large updates to deployed systems is very difficult in a lot of environments.