While open source is awesome and I trust it more than closed source for security, just because the code is able to be audited doesn't mean that someone with the skills to do so have actually audited it. How long was that OpenSSL bug around last year before it was found?
I mean, I'm still going to try this one out, but how a technical end user that is not a security expert properly vets something like this is not an easy problem!