If you'd like to learn more, an independent interview was posted a couple of weeks ago [1], and the FAQ [2] has a lot of information as well.
For the source code sharing, we've talked with lawyers and are inclined to no longer require the NDA/NCC for privacy reasons shared with us before (signing requires identification), but instead use a source-available permissive license that doesn't allow competition, like PolyForm Shield [3] (we do still have about 6 months before finalising a decision, here).
This does come with a lot more risks for us (it's harder to track down if someone publishes the code or uses it against the license), but given we've already passed 100 monthly active accounts, we're feeling more confident it's an acceptable risk.
The plan is to give logged in accounts (who are 12 months old or more) a way to download a ZIP of the current code base that's in the server.
Obviously there's no easy way to prove that's the case, but we're open to ideas/suggestions if someone here has them.
[1]: https://theprivacydad.com/interview-with-the-engineer-of-uru...