If you have other options or other things that should be considered, then add them. As it is, you seem to be dismissing his absolutely valid concerns without any reason as to why you think they're invalid. I have the same concerns as he does and it's the same reason I don't use custom ROMs. I have no way to know how security conscious the developers actually are.
That's a valid concern and only you can judge for yourself whether something works for you or not. It's open source. Read the code and do your research. Going to some project's thread and saying, "But, what if this is shoddy code or run by the FBI ?" is beyond pointless. Praise can be generous. Criticism needs to be conservative and precise.
That's utterly ridiculous and you're clearly arguing in bad faith.
Let's say I do have the infinite amount of time necessary and the technical expertise to conduct an audit of a custom ROM. Is every single person who's interested in privacy and security required to do their own audit?
If I publish my findings, why should anybody ever believe me? Who am I to tell anybody how safe it is? If you think it's so safe, why don't you do an audit and prove it to those of us with doubts instead of expecting us to do it?
Oh, right. You're operating on faith on these groups of people that you don't know who don't have any processes in place to ensure that what they're doing is safe for their users.
I'm not arguing that you or anyone should use this project. All I'm saying is that this line of questioning is not constructive. Sure, an audit is good, but since this hasn't been audited, what will this line of questioning achieve ? You can go to any project's announcement and pose this type of question, and it doesn't add anything. If you have concrete criticism to add, that's fine. This type of vague insinuation is what's in bad faith here.
