Hi, yes I'm aware I can read the source code, but 1) even if I tried, I'm certainly not good enough to identify any suspicious code, and 2) that would take me forever! I wonder how other people have approached this problem. Is there a shortcut to address security concerns?
If you are indeed as you say "planning to use Backtrader for institutional purposes" and "compliance with company cybersecurity policy" is a concern, you can either get your company's cybersecurity department to look into it, or get it audited by an independent cybersecurity firm.
It sounds like you have all the available resources from source code to institutional backing to make an evidence based decision instead of a faith-based one.