The only code that they'll ever be obliged to release is code that's covered by licenses that already require them to release it, and if their trade secret containing modules aren't derived from GPLed works then it's not an issue. If they are, then getting rid of Busybox reduces the probability of a lawsuit - but shipping other GPLed code (like, say, the Linux kernel) means they're still vulnerable.
Perhaps I have misunderstood something. Wouldn't you have to analyze all of the non-busybox modules to determine whether or not any non-busybox modules are GPL-derived?
I'm suggesting that some companies would not want to let you analyze their trade secret modules on principle even when they aren't GPL-derived. I'd say that concern is unreasonable, but that doesn't mean some companies don't have it.
The wiki page mentions "review authority over unrelated products". It sounds like someone (the SFC? the busybox people?) will be able to see all their code to ensure that there aren't any more violations. Anyway, it's hard to believe that the person who wrote that page is whining about something or someone being unclear.
