I agree with this. There are papers written and none more formal than the patents and university papers which are published and peer reviewed. I see this a lot, we need papers, but nobody knows how many we need or how many eyes etc. I say the best way is measurement etc. I think as pgp came out and way widely used there was very little proof points (it was even illegal to export the algorithm). TOR was the same and has showed flaws (apparently paid by the US Navy), truecrypt is a mystery etc. I doubt there is a short circuit mechanism to prove security other than widespread use.
We know how widespread the NSA injections into many standards was and that was hundreds or thousands of papers and in the wild software. How much is broke ? Or the possibility of NSA keys etc. in Windows computers or Apple perhaps being able to remote access you whether on TOR / i2c or not.
So unless we put a foot forward and yes I think we can state we have designed for security privacy and freedom for all. We invest huge (I mean huge) amounts on review, third party checking and we are as open as we can be (look at me answering these posts, when we have a network to launch, the price we pay is enormous). There is not much left but to use this in the wild.
If there are bugs then we will kill them off, if there are weaknesses we will close them down. So far we have 100% less vulnerability than any system out there, of course on launch this may change. We have Engineered code to be readable reliable and able to be easily checked, this is a massive difference if you look at other projects, there is a ton of obscurity, even in open source stuff. An analysis I seen on truecrypt was a load of code that seemed to be there to pad the code base out and make it difficult to read, I do not know how true that is, but that enormously dangerous if it is true.
So given the choice of going through any network that included servers (that are owned by people who can be forced to give up info) with any system I choose a serverless mechanism every time. Then I need only trust the tech and I can measure that. In most other cases I need to trust servers and network owners. So I see it as a hugely different proposition.
So we cannot say its 100% secure and we cannot say its 100% insecure, we can say its our priority to ensure we are the most secure system from day 1 and all data and communications are contained within the network, no exits and no servers. So I think there is a step change in what we are talking about.
If we look at many of the new email services which all claim anonymity and some take cash (anonymity gone), run on servers (anonymity gone) and have admins, regardless of client side encryption then I think what we are offering significantly outweighs these services.
It is a very different proposition and its hard to not think of servers and centralised solutions and attacks. I know how hard that is.