Having recently conducted a security audit of several free/open source software programs for the Electronic Frontier Foundation, Chris Palmer and Dan Auerbach have published some guidelines for improving security in free/open software:
Avoid giving the user options that could compromise security, in the form of modes, dialogs, preferences, or tweaks of any sort. As security expert Ian Grigg puts it, there is “only one Mode, and it is Secure.” Ask yourself if that checkbox to toggle secure connections is really necessary? When would a user really want to weaken security? To the extent you must allow such user preferences, make sure that the default is always secure.