Diaspora admits that it knows there are security holes and issues, but that hasn't prevented reviewers from attacking the project. In his blog, Steve Klabnik, CTO of CloudFab, says:
Basically, the code is really, really bad. I don't mean to rain on anyone's parade, but there are really, really bad security holes. And they're there due to things that any professional programmer would never dream of leaving out of their code.
As Computerworld explains:
The basic premise behind Diaspora is that it will allow users to have social networking functionality similar to that offered by Facebook, but with far greater control over personal data.
But Patrick McKenzie, a blogger and software developer based in Japan, calls early versions of Diaspora "screamingly unsafe." He isn't the only one who feels this way. Reviewers on GitHub have discovered more than 140 issues, including cross-site scripting errors and code-injection errors. However, Diaspora does have its defenders. One commenter on Y Combinator says:
This code was released to developers as an incomplete preview. I'm not sure why people are holding it to the same standards as a finished product that's being released to end users. Seems like a pretext to talk trash.