is open source always safe