"None the security model relies on the operation methods / code not being known."
Except the "security model" does not actually work does it?
And had the code been published the fact that it was going to run on a very high proportion of every PC, Server and laptop on the planet (regardless of what people think they are running on the actual processor they bought) would have made for quite an energetic effort to scrutinize it for bugs.
Of which there have been a distressingly large number.
You aren't by any chance one of the development team? That would explain your AC.