The visibility of the transactions in the blockchain enables anyone and everyone to confirm the validity of the ledger. Cryptonote does not have this visibility, therefore the validity of the transactions cannot be confirmed, which means there is no independent way of verifying that the implementation or the protocol have not been broken.

It could be broken, we dont know and we have no way of showing that it is not being exploited right now.