Making it open source seems to me like the solution to that problem, not the cause. If there is a vulnerability in DOS 6.22 people probably know about it by now. If you're using it for something critical you probably would have an easier time patching it with full access.