That's not the only way. There is precedent of allowing certain trusted bodies a copy of the code to pick through:
http://uk.businessinsider.com/microsoft-opens-transparency-c...
http://uk.businessinsider.com/apple-china-security-audits-ns...