I expect the "code open source" bit implies that it is client side encryption, unlike current consumer products where such data is not encrypted or can be decrypted without the user's consent.