Actually, I think that stats-cheating is not the main concern (although I suppose it's a valid one). My understanding is that the source (especially the protocol portion) is not open because a malicious party could use knowledge of the protocol to really muck up the project in a variety of ways like:

1) submitting "fake" primes that take resources to verify.
2) submitting completed blocks that haven't really been worked through - when it is actually completed, the residues won't match and resources are required to see which one (if either) is correct
3) resubmitting blocks with non-matching residues to generally cast doubt on client and project reliability
4) etc...malicious parties seem to be quite creative in coming up with ways to muck things up (for reasons that quite elude me personally).