Because the analysis needs to be done by a human mind, and it's 10x more difficult to analyse a binary, even with some tools. And it is already hard to analyze even clean source code, because there can be hidden backdoors, they are not always all called "function SendDataToFBIForTracking(data)".