**roborocko**’s analogy of breaking into a house is quite a good one.

Basically, (1) even really good designers and coders never produce perfect code, and (2) testing never finds all the bugs. The more people who get a chance to genuinely examine code, the more likely it is that someone will spot the quirky, possibly obscure things that are inevitably wrong with it – which is why Open Source is such a useful model. Conversely, the fewer people that look at it, the more things are likely to go unnoticed. (The very worst case – and I’m not suggesting that this is true for this software, because I have no particular knowledge of it – is someone trying to test their own code – because they inevitably won’t, deliberately at least, test for things they didn’t think of when they were developing it.)

Proprietary code is likely to have been looked at, at most, by a very small number of people. There almost certainly WILL be things in there that the designer(s) didn’t think of, or plain got wrong, that could be used by someone malicious to exploit it. Simple as that. That’s vaguely OK as long as no-one knows how it works – “security through obscurity” – but it’s ultimately not a rugged model for genuine security. And once the code is leaked – you have problems. People are free to look for ways to get it to do things it shouldn’t. Bascially, **roborocko**’s robber, if they look carefully, has not only your house plans but also the make, model and security code of your safe, a list of what’s in it, and a copy of your diary telling them when it’s safe to break in.