Hi Dominik,
it is at least less likely to have security issues the more people use/review it. I think if fewer people used windows, less issues might be found.
And of course we have done a code review, but not on 100% of the code. It is not so small a project... Also, I think there is a reasonable chance that I (or anyone) would miss something. The more people read the code, the smaller the chance something escapes them all, in my opinion.
Do you use A2X in your company? How do you approach possible security risks in Open Source software like it?
Cheers,
Timo