Hey, I am not familiar with the BSC-Chain, so maybe you had better ask in their forum about this.
Yeah, you are right, the function mint can only be called by the owner, so if the owner is an Externally Owned Accounts(EOA), he can mint new tokens anytime, so you have got to believe in the owner that he would not do this.
But for this contract, you can see, the owner of the cake token is the masterchef contract, so I think the actual process should be when you stake some token in the masterchef contract, you will get cake token as the rewards, and when you want to claim these rewards, they just be minted by the masterchef contract and then transfer them to you.