I'm with Stallman on this one. Without access to the source code of their entire server stack, there really is no way to be sure of what they are or are not doing.
Even with it there is no way to be sure of what they are or are not doing. Trust in an external endpoint is not improved by some theoretical source code dump on GitHub.