Trust questions: Not fully open source and requires root

[UltimateByte]

Hi,

Just found out about iVentoy which seemed very promising. Until i tried to start it and it said:

$ ./iventoy.sh
Please use sudo or run the script as root

So I've got three major doubts about this program which stopped me from running it for now:

1. It is not fully open source.
2. It requires to start the program with elevated privileges.
3. Ultimately, it is developed from China, which becomes a problem because of the two previous points and the security risks involved with this country known to hack basically anything that can be hacked.

I'm not the only one thinking that way as the most upvoted answer warns about it here: https://www.reddit.com/r/selfhosted/comments/14ifnii/iventoy_is_out_now_ease_of_ventoy_with_just_on_pxe/ and the most upvoted answer to it says "Too many red flags for my self hosted environment. I'll keep an eye on it but I won't install it until a lot of that changes" and has almost as many upvotes.

So I've seen there was a paid version which might explain why it isn't fully open source. However I don't imagine people using such a tool recompiling it or using unofficial sources just to avoid paying a reasonable price of $49 when needing the pro version.

So, why is it not open source? And why does this need elevated privileges? For example game servers provide listening services that don't require root privileges at all and have been working well for years that way. And how can we trust this program to not add backdoors or other unwanted scripts/programs to the hosting system or to machines installed using it?

Thank you