Re: How about we be given the option of audits…?
Open source is not enough to get eyes on if the people who are competent to check the code have no incentive to do so. If the code in question only applies to a niche market, then it is unlikely that anyone will spend time investigating or testing out of idle curiosity. In fact, it is unlikely that enough potential testers will even be aware that there is something to look at. It would seem that this would call for a bug bounty to attract outside eyes, a dedicated security testing group internally, or both.