It does make it easier, but security through obscurity does not make something safe. All it does is raise the bar. Samsung is big enough to be attacked by governments, so attackers with the necessary skills, resources and motives were already there.
Unlike Linux or Windows or Darwin, this is not normal kernel code, but kernel code specialized in security. I can hope that enough pen tests and audits have gone through this that Samsung has not left any trivial leaks in the source code.
Yes, this makes it easier to find vulnerabilities, but I don’t believe the lack of the source code prevents attackers like the NSO Group from hacking into these devices. In fact, three researchers at a multimillion-dollar university have already reverse engineered the API and broken encryption for the S8 to S21.
These kinds of vulnerabilities can now be found a lot faster by whitehat (or greyhat) hackers. I think the NSA/GRU/NSO are now particularly annoyed because the exploits they found in their vaults will now be resolved a lot faster.
I think the bottom line is that Samsung will not be affected so quickly by the extra vulnerabilities that are found through the leak. What one could suffer from is that the DRM code has also been leaked. Every certificate key that has been leaked is an entire line of products that can no longer stream HD content. That costs them a lot more goodwill and trust than the TrustZone now being slightly easier to research.