Of course, it's a largely hobbyist venture, which also inadvertently makes it more difficult to audit. But the software engineering aspect was not really the point, just the context: the vast majority of people will just blindly install anything (regardless of whether it's open or closed source), clicking through the installation wizard, accepting the prompts for admin privileges, etc, without a care. But even within the minority of us end users who know what "open source" even means, there's a shocking amount of people who assume that an open source project is necessarily safer because, well, the source is publicly available... someone must've already done an audit, therefore it's safe.