by hoodoof 4469 days ago
If it works, does any of this matter right now? He's trying to make his business survive, not craft a work of technical art. Shouldn't he spend his time on marketing if the thing works?

His business isn't going to survive very long if he keeps uploading security credentials where everyone can see them.
Not my finest hour. Lesson learnt - valid point, and I will make certain to be more security conscious moving forward.
Maybe not right now, but you've got to take care of technical debt sometime, and a few of those points are quick wins.
Actually, there's no big big items but open-sourcing isn't magic, you want people to look at it. If the project looks nicely managed, it's a lot more attractive :)
Hey man, thanks for existing. The amount of money I make from cleaning up after dipshits who think "just throw some spaghetti at the wall, we'll deal with making it sustainable and secure later" keeps me almost embarrassingly busy. Of course, I'm as often as not the last money they spend, because if that's how you're running your business, you're screwed anyway. Keep being ignorant; keep writing me checks.
This is precisely the type of attitude that would cause me to not want to even start on a side project. I'm floored whenever someone puts up a side project for feedback, and then a flood of high-quality technical feedback comes on how to improve things. That is cool. This is not.

It's not the attitude of saying that security isn't taken seriously that gets me upset. It's the condescension. Let people learn by making mistakes, sometimes there's no other feasible way. Think of how to be helpful, not condescending.

And I think the attitude that "screw security...shipping is all that's important" is monumentally condescending, and shows incredibly poor business skills. It's saying "look, fuck the customers and whatever data we may collect about them, as long as we launch". And it's not a zero-sum game; you get a long way to "good security" with "good coding practices" and some "good testing". The only real upside to having to clean up the mess after some snotty brogrammers whose only response to "you just dumped the PII for 25k customers into the black-hat market" is "So? We got 25k customers!" is being able to respond "not any more".
You should read more carefully. :-)
The road to success is littered with crashed startups who just keep pumping out code when the time for marketing instead of coding came long ago.
Please, no personal attacks. They are totally out of line on Hacker News.