Except for this RC1 update, every release since around January is open source. There is probably a testing reason behind it; also, it's not mandatory.
Nice from a 10-post account to ask for caution, but John most probably won't spread any malware considering the amount of work he put into this project.
Having the source code published, as is the idea behind section 6 of the AGPL used by previous versions, would remove those probabilities.
No need to take the word of a 10-post account as advice (or a Terminator movie character with negative karma, for that matter); just read and compile the software that can potentially run your money, tweaking it to fit your needs.
Don't get me wrong, I like the idea of Vanillacoin, I have some, and I am curious to see the ZeroTime concept tested in the real world. I might be a little frustrated at not being able to run RC1 on my Linux box and be part of the testing group, that's all.