While there isn't an official bug bounty program we've seen some pretty amazing white hat hackers take action such as @robinhood and is probably one of the main reasons the passwords are now more secure.

I noticed a potential social attack vector and sent a PM to @dan about it and he was quick to respond explaining how the site would be able to handle it automatically.

There are huge incentives to 'do the right thing' here, I think opening up the source code was a great idea.

Thanks for your article