Though I'm no tptacek, I think the reasoning here is that even though TrueCrypt is undergoing an audit, it's not under active development, and unfortunately, due to the licensing, any patches produced by the community could be on uncertain footing legally.