(Replying to PARENT post)

Maybe having it be open source would represent a security risk? https://github.com/reddit-archive/reddit1.0/blob/master/data...
👀jschmitz28🕑7y🔼0🗨️0

(Replying to PARENT post)

I mean, it shouldn't. Humanity is perfectly capable of building secure web services without having to keep the way it works a secret. You don't publish your encryption keys with your source code, which is what your security should be depending on.

And what's more, Reddit themselves did not even use that excuse in their official statement for it, even though to me their excuse felt even less logical.

Basically, they don't want to leak the crazy features that they're developing and have such piss-poor source code management that they cannot provide tarballs of clean states of their source code.

I mean, how do they deploy new versions, if they cannot cleanly separate feature development from stable code?

https://www.reddit.com/r/changelog/comments/6xfyfg/an_update...

👀Sylos🕑7y🔼0🗨️0

(Replying to PARENT post)

Making something closed source does not make your product more secure, it only makes it harder to look at. Determined people will still try to understand how your software works in order to accomplish their goals.
👀laburn🕑7y🔼0🗨️0

(Replying to PARENT post)

It goes both ways, being open-source can also make your product more secure, as it's out in the open and a lot more eyeballs look at the code.
👀keyle🕑7y🔼0🗨️0

(Replying to PARENT post)

They could certainly upload a version of that file with dummy variables (unless that's what this is).
👀PascLeRasc🕑7y🔼0🗨️0

(Replying to PARENT post)

That violates Kerckhoffs's principle[0], a cornerstone of modern information security. I would run far, far away from anyone coughtelegramcough who claims "it's secure, don't worry about it" and otherwise refuses to expose their codebase to scrutiny.

[0]: https://simple.wikipedia.org/wiki/Kerckhoffs%27s_principle

👀Qub3d🕑7y🔼0🗨️0

(Replying to PARENT post)

A lot of bad developers like to use this excuse but it doesn't hold water. Open source has a history of producing better security results.
👀ebbv🕑7y🔼0🗨️0

(Replying to PARENT post)

That's just shitty hardcode, sane human beings build only prototypes like that, not production code. Going open source would have that code reviewed and fixed -> means positive impact on security.
👀drosan🕑7y🔼0🗨️0