I don't disagree with your points at all, but for what it is worth, they say they will be opening the source "Soon"[1] and have started populating a Github account[2].
Yes, I didn't mention it, but I have seen this before as well (other projects aimed at secure communications who "launch" but "delay" the release of the source code); I find this "delayed/promised open source" tactic equally perplexing. If they later release the source code, but users are already blindly routing their sensitive information through the system (because they launched first, before releasing the code), then it's too late for those users if it is later found the software is not trustworthy.