Thank you for your review!
Just want to mention that I have no plans to verify/publish the new Gateway smart contract source code. The previous verified version of the Gateway smart contract was here from the April 30, 2018: https://etherscan.io/address/0x3E0371bcb61283c036A48274AbDe0Ab3DA107a50#comments.
And I’ve had a bad experience with it: many clients just replaced it with thier own copy avoiding the 1.5% fee. In this new version I’ve decided to protect myself from such behavior. Special considerations have been taken in the contract code against such manipulations.
To support users who can not afford the 1.5% fee, the new contract version supports a monthly/yearly subscriptions that can be purchased with Ether to have zero fee for the whole subscription period. This feature is not exposed in the plugin code yet, but will be soon.
About the verification, my plan is: if this plugin will earn enough money, I’ll hire some well-known audit agency to perform a private contract audit and publish their audit report. Contract code will stay proprietary.
To conclude: I’m roughly about two years in this business already, and I’m here to stay. This is my linkedin: https://www.linkedin.com/in/olegabrosimovnsk/, facebook: https://www.facebook.com/olegabrosimovnsk, github: http://github.com/olegabr, reddit: https://www.reddit.com/user/olegabr and twitter: https://twitter.com/olegabr. This is my site: https://ethereumico.io. You always can contact me in a support chart here.
That is not the contract that is being used within your plugin. For all we know you will withdraw the funds that are not yours. I am not saying you will but not allowing people to look at it, is because you more or less you have the ability to take everyone’s funds whenever you wish, aside from the 1.5%.
It seems you are worried about people taking it. You should be more worried about people using it.