If RealVNC prevents reverse engineering, then what happens if the vulnerabilities found in the others are tested against RealVNC as a black-box test. This will give a view as to if its better by not having those vulnerabilities or just hiding behind a pretend wall. I know where my money is on this one.
Even if not all the vulnerabilities detected in the others can be tested from the outside, a sample of n that give correlation to the others will help in giving a view of the likely risk
Alternately, and the far easier option. Dump RealVNC and go for something else given that the security can't be independently verified and remote console access is kind'a important from a security perspective.