Oddbean new post about | logout
 I simply do not know  
 Neither do I, which is why I'm skeptical of “open-source” apps and view them as a form of security theater: something that appears more secure but isn't.

The worst thing that can happen is that, in the name of open source, an app developer accidentally publishes secrets, which allows an attacker to publish a malicious version of the app that leaks every user key.

If I publish the source of my app, I will take care to ensure that the source code can't be built and released maliciously. 
 I appreciate your humility.