Stealing your BTC isn't the only thing a closed-source client might do.  Make sure you don't have any personal information stored on the computer running the client, no bank account numbers etc.

And monitor the network communication to make sure it only communicates with other bitcoin P2P clients, and not other botnets as well.  It would be too easy to hide a key-generation botnet client inside something appearing to be a bitcoin client.