Comment by jart

Open source software is unsecure. It's neither secure or insecure. Securing something means implementing policies like SSO and ACLs. That's not open source's job. Open source gives you a tool and it's your responsibility to secure the thing. It's not the responsibility of open source developers. It can't be. What they strive to do is to not ship something that's known to be insecure.