Compiling on demand is cool, but why is it needed?

If I understand correctly, to make it more auditable. Still: the tool-chain remains prebuilt, and there are trusting-trust issues. More auditable is better than less auditable.

Why is compiling on demand more auditable than just having open source BIOS?

UEFI is open source to some extent. There is an Intel project [1] that every company's UEFI is based upon. Even having a fully open source BIOS is not enough by itself. The binary that is on your system can be anything. You can somewhat trust it if you can verify it, and only if the project uses reproducible builds. But the hardware can still lie to you. What I also have in mind is the trusting-trust issue [2].

[1] https://github.com/tianocore/edk2

[2] http://wiki.c2.com/?TheKenThompsonHack