Being open source means anyone can independently review the code. If it was closed source, nobody could verify the security. I think it’s essential for a program of this nature to be open source.
The source code is the ultimate reference. It defines exactly what the protocol is. Any other description is just an approximation.