> Wasn't BCB breached for a couple hundred million reais this month, as well? Maybe they are trying to keep the code closed because they know it's insecure

It wasn't a BCB breach. The issue was with an integrator. Like a client API built on top of it that provided banking features to fintech startups