First of all, this is a reliability question, not a security one. If someone malicious already has write access to /usr/bin then you're already screwed; there's not much damage you can do with a compromised /bin that you can't already do with a compromised /usr/bin. Not to mention that they probably also have enough privileges already to do whatever damage they want to do, without having to trick some other process into running their payload.
From the reliability perspective (protecting against accidental damage), the /usr merge makes it easier to set up A/B booting and protect the entire system, rather than blessing a small subset of the system and preventing anyone from upgrading those components at all in the future.