I've got some concerns about the current level of security for the Eco community.
The first thing I noticed was forum privacy. If you have the link to the developer forums, you can read all of the posts without logging in. Furthermore, I was able to access the Slack team spreadsheet without any kind of login, and I could edit the information freely.
I was not able to locate the developer forums without already having the link, but I don't feel that this is an adequate level of security. I would like to feel more comfortable sharing my personal details in the community.
When I tried to find the developer forums without the link, I was able to find the public Eco forums. These have already been subjected to spam.
Finally, with regard to the code proliferation question, if the intention is to keep all the source code and assets confined to this community, I believe in principle we should all agree to non-disclosure as a prerequisite to that access. I don't think viewing the spread of the code on the Internet as inevitable is a healthy approach, and steps should be taken to protect it.
I am also a bit unclear on whether or not "open-source" is really an accurate description of the intentions when the protections being sought by the licensing are considered. Even if something truly open-source is the ultimate goal, I think the product is especially vulnerable during this early phase of development, and public access to the code should be delayed as much as possible or until the ownership of that intellectual property clearly decides to grant the public access.
I think it's ambiguous because (to my knowledge) the information protection legislation doesn't explicitly cover a scenario where expanded access is being granted to a specific body of people who are neither employees or contractors, but I don't believe that precludes the right of the information owners to take steps in protecting their intellectual property directly.