Perhaps the idea is that updates provided by OpenBSD or another OS for example could be compromised or simply directed to an unpopular path, but in this way a "senate" of code reviewers with known biases provides a more democratic way of reviewing updates before publish.
This is incorrect. Urbit has two paths for changes, a vote by the senate or a decision by the developers on the git repo. It only adds more ways of making updates, it doesn't fix the the devs can do anything "problem"