Spring is safe, your keys are stored on disk in encrypted form, apps cannot access them, the source code is open.