David Jablon writes: > Access to "the source code" may also give a false sense of security. > "The source" might not be the full, complete, and exact code > used to produce the commonly available object, and thus might not > reveal the threating features. People in the OpenSource movement tend to build their sofware from source downloaded off the net. Of course most of them never read the source, and the compiler might be rigged, but at least your local binary and your local source would be in synch.