Steve Loughran’s How to Own an OSS Project, part 1 and especially How to Own an OSS Project, part 2 bring up the always-relevant issues of security, transparency, and trust. In particular, the second entry asks a most insightful question: how can you trust the documentation?
It doesn’t help when the documentation suggests outdated practices which are, at best, dangerous and, at worst, completely wrong. (I’ve patched a few of these in Perl 5, myself.) Add to that active malice, such as a recent dangerous answer to a novice question in comp.lang.lisp, or running obfuscated code outside of a locked-down sandbox, and it’s almost a wonder there aren’t more security problems related to source code posted on the Internet.