Is the idea that hackers can review the source for vulnerabilities?

I would imagine any internet-facing application would not have any issues with a source code "leak" like this, as all inter-app communication is based on short-lived credentials.