The code is high quality and easily understood by others - see Kristov Atlas review.
That's why exploits were found by an amateur coder within a few days after the code was released as open source.
Why did Atlas miss them?
the exploits were in masternode payment scheme weren't they? I don't think atlas reviewed that part....he was looking at the darksend code...maybe i'm wrong...