Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.
Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?
People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.
Well, on the other hand anyone who goes for an open source exchange to run their platform as if it were just another WordPress site is probably better off that way than trying to cobble their own custom solution. Whether one should use such an exchange is a different question of course, but if one is not to be stopped from running an exchange of their own, using an open-source platform might be the lesser evil. Even without having looked at the code of this project I'm fairly certain crypto has seen worse exchanges in terms of security. Not that the bar has been set that high, unfortunately.