From a business perspective, in order to have any success in attempting to impose quality standards, the first task you must undertake is to produce operational definitions of your criteria. Otherwise your decisions are vulnerable to being challenged as arbitrary - as in this instance - and, without a clear definition of your terms of reference, you will struggle to gain the authority to support your assessments.
Acknowledging that the OP was unfortunately an informal post (being precise with language has its merits), I would nevertheless press you to supply definitions for the following (italicised) words and phrases from your post:
disturbing
code review
evidence of an existing hidden premine
extra coins could potentially be minted all at once at the end of the PoW phase, sent to exchanges via the "anon" feature, and dumped.
other concerns
the proposed method of anonymity
shenanigans with the maximum supply
sufficient
Any business has the right to choose not to trade with specific parties. If something smells fishy to you or your staff, simply do what everyone else does and privately assess whether it meets the criteria you set for your business standards and act accordingly.
I suggest that what Poloniex does not need to do is to take it upon itself to be a crusading public arbiter of software engineering quality (please believe me on this*).
Cheers,
Graham
* http://cs.hbg.psu.edu/cmpsc487/IEEEStds_List.htm