With many companies easing into open source recently, we have seen that just isn't true. If we're still trying to spread the idea that the community is dumb and is going to ruin everything and will remove value from the product if they get access to the code, that assumption is going to be tested now regardless of what they do, and it probably will keep happening because the incentive for leakers and illegal aftermarket sellers is not going to go away. Note that I don't include them as part of this community.
"Not gaining something from it" != "Afraid to do it"
The decision to open source is not as dichromatic as it might seem. In between the "yes we want to open source" and "no we don't" there is a huge chasm of "IDGAF".
That chasm is also occupied by others such as these subcontractors who are careless with security policies and end up causing the leaks. Is that the space they want to stay in? I don't think it is. And if they decide to move towards any direction, I hope it's the "yes we want to open source" direction so that the leakers don't have anything to go after anymore. They may even become good open source citizens in the end.
I don't think that's a relevant part of the consideration process. Open source is not a security strategy. Breaches happen at companies who open source their software too.
