The rest of the clients's code is probably being cleaned up, but I guess we're trying to build more functionality and are very busy with other stuff, and publishing the code has fallen behind a bit. That's just my guess, as, as I said, I don't work on that.
From what I've seen in my time there, though, everyone is extremely capable (I have yet to see a single thing that wasn't done correctly) and very focused on security (again, I have yet to find fault with something, and I'm really paranoid).
From what I've seen (and this probably comes off a bit too PR-y, but it's true), I have absolutely no problem trusting SC with my communications, everyone takes every precaution to safeguard users' data (even in the web part, we don't want to use third-party services, our analytics are hosted by us) to avoid compromising users' data.
Anyway, I've raved too long about this. I'll just say I'm very happy to work there.
Although I remember reading about the lack of open source and the odd terms of service wording. http://log.nadim.cc/?p=89
Is that still being addressed?