I guess what im saying is how do we know the main developers are not malicious? What if a client is a honeypot?