If I get this right, you are afraid, that MtGox creditors give you false informations, so it is not enough for them to just log in and send you, what Balance they see.
Yes
The Problem about an open source bot, who sends any sort of data, is that someone simple could manipulate that data it sends, isn't it?
We could run this on a website instead of having people run it locally, but how do you know that you can trust the website to not save your password?