That's good. They were able to find two bugs, so it shows they combed the code well and still didn't find any backdoors.
Perhaps they could also use a third party audit, such as:
http://securityevaluators.com/conten...ode-review.jsp
Although I remember in Sep. 2009 they had financial troubles, so it might be too hard to muster up the kind of money they would need for something like that.