if you understand security. no one wants a service to be open source, because hackers could find exploits
Lol. This is one of the most well-known fallacies in security. The "security through obscurity" principle -- AKA "closed-source software being more secure than open-source" -- is entirely debunked. As I have already said before, believing that this provides security, besides being false, is a sign of utter arrogance. Believing that you'll obscure the source in such a way that it will be impossible for third parties to discover your obscurity is just plain dumb; and once they do, your system will be vulnerable.
Most exploits aren't found by using the source code in the first place. Quoting my past self:
Closed-source software is nowhere close to better than reputable open-source software in terms of security. Being open-source doesn't mean being more vulnerable than closed-source. Most attacks, from dynamic ones, which work as a black box (push inputs, observe outputs), to static ones, which use pattern matches against binaries, require no source code. Even if source code is necessary for an attacker, they can use disassemblers to reverse engineer the part of the source code they want.
Now please don't derail this, or I'll have to use the Delete.