I expect a criticism to be "how can we tell that this thing is secure without the source code". This is valid. Are people interested in reviewing source?