> If laypeople can assemble projects on GitHub and invite similarly unskilled friends to participate, who’s being hurt?<p>The users who <i>assume</i> the authors are competent and aren't making stupid/dangerous security mistakes. I think for a while you could rely on the assumption that people who released software knew what they were doing... and that if they didn't, they'd at least have the sense to keep their half-arsed experiments to themselves.