Per Ori's suggestion, MW should qualify for a Mozilla funded security code audit
Projects that want Mozilla’s help must be open source/free software and must be actively maintained, but they have a much better probability to being chosen if the software is commonly used and is vital to the continued functioning of the Internet or the Web.
See also: https://www.helpnetsecurity.com/2016/06/10/mozilla-will-fund-code-audits/