Obviously as you mentioned they need access, how else can they sign transactions? I think what people need to realise is that the more open source it is the better. Makes life a lot more hard for malicious code to be spread networkwide, there's a lot of people scanning that code to be sure it's legit all the time. Any malicious stuff, I'm hoping at least, that it'd get flagged up pretty sharpish.