The community can only read the source code, as of yet. All of the source code has been provided by a set of internal developers.
The fact that it is open source means that, if somehow two malware elements have made it into the source code, then someone will eventually report it. But this doesn’t mean that two malware elements cannot be there right now.
These two malware hits on total virus scan should be communicated to the developers.
Locally, an attacker still needs to know your password. A strong password can make it too expensive or impractical to brute force.
Works well so far, is end to end encrypted, open source, and the apps are nice and solid.
Works great for me. I’m running mx23 after running mx19 for a few years.
I hope mx23 is better with updates, or making easier to update, as updates broke in mx19 not long after I first installed it. My only complaint. Otherwise great.
Thanks