Some people in the open source community tend to be naive about their fellow contributors. They assume that everyone shares the same lofty ideals they do, and they act accordingly. This means they are lazy when it comes to protecting themselves and their open source project. Then they are surprised when someone violates their trust and creates havoc on the project. Or, even worse, that person plants some kind of code in the project that can be used to exploit the people who use it.
If you are running an open source project, you really have to be careful about the people you work with. This is especially true when the project starts to grow. If your project is small and there are only two or three people working on it besides you, then it is easier to maintain quality control and security. But as it starts to grow, you have to keep an eye on the community more than ever before. You have to remember that you do not know everyone’s true intentions.
Some projects assume that because they only give certain people admin access, everything is safe. That is not true. You have to be on guard as if you were running a company. The people you give access to talk to other people and might, by accident, give up information that could damage your project. Yes, this could happen to your project. We have seen it happen plenty of times. Just recently we have started to see some very big open source projects run into trouble because of security concerns. But do not think that because you are not as big as Linux or WordPress you do not have to be concerned. The bad guys are always looking for any way in, and one day that way might be your project.