What I am completely surprised at, is releasing the source code shouldn't compromise security - look at all the open source content management systems, forums and OS's that are MORE secure than closed source ones.
This is shear coding incompetence.
And they've had close to a decade of shouting from their own team to fix it.
What I am completely surprised at, is releasing the source code shouldn't compromise security - look