> That's fine, because the open source nature means you can see everything the app is doing and verify that it isn't malware (and if not you personally, then someone can do it).
Closed source isn't a barrier to reverse engineering in any practical sense anymore. It's a post-IDA world.
IDA has been mainstream among reverse engineers for at least 15 years, and equivalents such as win32dasm existed before that, so there is not really a notion of a post-IDA world.
Closed source is very much a huge barrier in verifying what software is doing, just as much as it always has been. I say that as someone who has been reversing engineering professionally for much of that time.
The number of people with the expertise and access to IDA is a tiny subset of those who can just skim source code. And those who are competent reverse engineers take 10x-100x longer going that route. An even smaller subset of those have the inclination to even bother doing this for free in their spare time.
Closed source isn't a barrier to reverse engineering in any practical sense anymore. It's a post-IDA world.