Yes, that's not the primary concern, but code review (though I still think it is relevant, and fwiw I don't trust SPM or whatever Xcode variant is active, just out of experience).
Obviously it is not an issue for Apple, because it is all own code that doesn't require review 
I.e. to give an example, if I use a dep in a production project, I'm responsible for it. If I use a big project like extras, I'm going to have to review changes to NFS and SOCKS and whatnot, which are completely irrelevant to what I do. I may have to live with that, but I don't want that.
In a production project the first thing I would probably do first is fork, delete all the extras and track just the subset I actually need. It is just a matter of responsibility 
P.S.: I do not expect any changes here, just outlining my personals thoughts about it, I'm aware I have to deal with it.