This can happen with ANY program. An open source version of vLite would be no different. No matter what it is, when you install a program, you're opening up your system. If someone wanted to, they could make a "nefarious version" right now. Just create an installer that installs the current version of nLite, along with some malicious goodies Heck, an open source version would be even safer than a closed source one. Having the code means you know exactly what is going on with the program. You could add things, remove things, or just compile it as is