[taway2012]

They can split the program into two parts. The "UI" part and the "transport" part.

The UI part will be in charge of converting plaintext into ciphertext and vice versa. ciphertext will be handed off to the transport module.

The transport module can remain closed source. Only the API to the transport needs to be published. People can write their own UIs.

[tokenizerrr]

But that would defeat the point of opening the source, the part we're interested in is the security of the transport not how that pretty UI is made.

[x0054]

If the UI module does encryption and decryption, and if the said encryption is good enough, why would you care if the transport layer steals your encrypted data?

[makomk]

The transport layer is running on the same computer at the same trust level as the encryption layer, which means it can intercept the unencrypted data. Even if the developer's 100% honest it's easy for them to accidentally create a remote code execution vulnerability that allows an attacker to do this.