Yet, it's written in C, it hasn't had a security audit, it does not publish a list of security risks and mitigations, and, regarding its roots in 4chan, see for yourself: https://github.com/irungentoo/toxcore/issues/1186
As for security risks and mitigations, I'd like to do that when we have a web presence with space for it. Right now, the web presence is fairly poor (http://toktok.github.io/). The specification contains some security risks and mitigations.
P.S. Now I see activity in new core repo,that's cool
As for the fact that it's written in C, GPG, Tor, Psyc, and many other pieces of security software that you trust are written in C. It's dangerous, but writing secure apps isn't impossible.
My point exactly. It's dangerous and if it's not paired with many good security practices, it's better not to advertise it as "protect you from XYZ".