rPHAVA is currently private under the rational that we shouldn't teach the vandals how to avoid our countermeasures. This prevents other public phabricator installs from using the plugin. https://discourse.phabricator-community.org/t/spam-countermeasures/1601 is an example of one install who could perhaps benefit from rPHAVA. There is also the possibility that others would contribute improvements to the code if it's released with an open license.
Given that the plugin is configurable and we could keep the tuning parameters private, I don't really see any harm in publishing the source.