I assume that he is talking about security concerns, not licensing concerns. For example: the specific areas of code that the DOD uses will become public. This may leak more information than the DOD would like.
The more fixes you see them sending upstream in particular area, the more likely they're using that area of code.
If you suddenly see a new project getting contributions from some particular source, you may be able to correlate that with a project they're working on.
As others have said, nothing requires them to do this.
And, as a practical matter, the fact they used Windows seems to indicate they can either maintain a kernel entirely in-house (as essentially no MS developers have security clearance) or that they aren't focused on what the kernel does in the first place and do all of their special software in userspace. My money's on the second of those possibilities.
