[spost]

Well, we don't, but would you rather use software known to have bugs or software not known to have bugs?

[jcelerier]

uh... software whose bugs are known and whose source is accessible of course ? it's not like finder does not have CVEs: https://www.cvedetails.com/vulnerability-list/vendor_id-49/p....