The US government can just walk in and say zoom.us has to feed all the data into MYSTIC for national security reasons. The CCPs ability to pressure some developers into adding bad code which might enable them to hack zoom infrastructure is laughable in comparison. Yes in theory they could attack some high value target that way, but only the hosting nation can exfiltrate mass surveillance without an alarm going off. Which is why zoom.cn is hosted in china.