Everything is basically security by obscurity
Tbh, I don't believe in that. There are many open-source projects that are more secure because it's open. Bitcoin itself is open and the concept itself makes it secure.
English is not my native language, so I think I was misunderstood
. When I said "Everything is basically security by obscurity", I referred just to bot protections. Do you disagree with that too? I would love to see a protection that's not easily bypassed and isn't just another CAPTCHA.BTW, I absolutely agree with you and most here that its gonna be incredible hard, or even impossible, to make a faucet script that is protected against bots and scammers. That's is also my dilemma (and mentioned by others) if this should be open or not.
As I said, I believe that the best bet is just to make a custom script that won't be used by tens of faucets. No one (I hope) will bother to write a bot for a script that's used just by a couple of sites.
Going open source will help you with "hard" security vulnerabilities like SQL Injection or logic errors. But can also make your script popular and popularity is something that I think is a danger here.
PS: FIB is not open-source AFAIK. We are just able to read the source code and mod it although the last is formally not even allowed.
Well, we should probably change that license. Our only concern is preventing reselling the script. I'll see if we can do that in next release.