Hi, the client-code is naturally open, while currently the core-engine is kept highly encrypted and we do not publish it (yet) as open-source.
There are different views with pros & cons about opening it, regarding confidential comms.
Anyway we are independently pen-tested by volunteers. Thanks