Another fail for security by obscurity
As evidenced by this report, obscurity is not security.
Open code review = more good guys looking at the code = fewer trivial vulnerabilities.
If the code cannot be made public, at the very least use proven cryptography. While we're at it, quit outsourcing all the jobs and hence all the expertise which is needed to develop robust products in the first place.