It's probable that I am too naive to catch the tech here.
Which is to say, I may not actually understand whether the networks and servers physically located in Russia are, in fact, vulnerable to the FSB and, ultimately, Putin. It would seem to my age-addled mind that in a state like Russia -- slipping closer to a totalitarian tyranny than perhaps any time since the death of Stalin -- any infrastructure can fairly easily be co-opted by the State for its own dark purposes.
Yes, it's true that the GCHQ in Britain or the CIA in the US are doing things that are illegal, harmful, and bad. So, I gotta ask: if you were offered a choice between the GCHQ as run in Britain or the FSB as run in Russia, which would you choose? If someone said, you can live under the shadow of the CIA, or you can live under the shadow of the FSB, which would you choose?
Point being, I don't believe it's all the same thing. I don't believe that the Western intelligence agencies, for all their shithead behavior, are as dangerous to "freedom" as the Russian agencies. Whatever "freedom" means to you.
I read this news as Yevgeny Kaspersky's tacit admission that as long as his servers, networks, and codebase are physically inside Russia then they are indeed vulnerable to the whims of the FSB and Putin. And I read it also as a quite courageous assertion that black-box code should have no place in security applications. Who watches the watchmen? If it's unaudited code, the watchman can sell or barter info-scrapings, and no-one is likely to catch him.
Finally: yes, of course audits can be cheated, even if "certified" by external agencies. But it's risky. One slip, one bit of code not properly laundered, and someone yells foul. One disaffected employee, and a whistle gets blown. Much safer to take the Microsoft / Apple tack, and stamp it "Proprietary, no peeking".
So. Kudos to Yevgeny. It's a good business move. But also, it betokens a decent understanding of realpolitik, and perhaps more than a nod toward a philosophy of ethical security software.
IMHO, and caveats may apply.