why do you care?? the whole point is that the client is open-source, so you don't need to trust the server at all... if the client is encrypting the communications locally the whole server end can be closed source (or even actively trying to deanonymize you) but that doesn't matter... am I missing something?