It means the gp considers the problem space sensitive enough that the source should be available for inspection and modification.
The more central to your everyday life something is, the more important that is. We take this for granted elsewhere in our lives.
You buy a refrigerator, the fridge company doesn't get to tell you that too bad you're only allowed to keep soda in their $80 dedicated "Soda rack" and that little shelf is only for vegetables - you can just put your soda there anyway, and if you want you can even make or buy a gizmo that dispenses cans just the way you want, screw their $80 plastic garbage, you made one from stainless steel scrap at community college.
You can take Free Software like pass to pieces to understand how it works too.
The thing I keep coming back to is how it uses 'tr' to get random passwords, because it's so simple and yet when you step back it's obviously the correct design. The method goes like this:
Unix 'tr' has a mode where it just ignores all input except the character classes you selected which pass through. So e.g. you can say you want passwords with just A-Z0-9. Hook it up to /dev/urandom and the device spews random bytes into it. All the ones that aren't acceptable are just thrown away. Then you catch the desired length of output from 'tr' and you're done.
I've seen software attempt to try to bodge a budget of random bits into a fixed character set, which is very difficult to do safely and correctly - but 'pass' just doesn't try to do that at all, why bother when you can make as many random bytes as you want anyway?
Yeah, that's not really relevant to me... Along with ~99.5% of people out there, I will not be fucking around making customizations to my password manager. There are things you tinker with, and then there are things that hold passwords to your financial and professional life. I have not yet and will not anytime soon be rolling out my own crypto or my own password manager and trusting it with real-life credentials.
