If I get this right, you are afraid, that MtGox creditors give you false informations, so it is not enough for them to just log in and send you, what Balance they see.
Yes
The Problem about an open source bot, who sends any sort of data, is that someone simple could manipulate that data it sends, isn't it?
We could run this on a website instead of having people run it locally, but how do you know that you can trust the website to not save your password?
You could make the Code of the Website public. So you can check the code, before using it. I am not an expert on that Topic, so I am not sure, if something like that is really possible.