Source code? Not to be that guy, but running random programs is asking for wallet theft, even in Java.
It's closed source, sorry. The only file access is through the webstart muffin interface for storing settings (webstart muffins are similar to browser cookies). Unfortunately it still cannot run sandboxed because it needs access to native libraries for GPU mining.
You could encrypt the wallet or run this software as a user who does not have access to the wallet files. Also, for wallets with large sums in them, it may be best not to have them with a user that is for everyday work. Perhaps you'd even want to have a "vault" wallet that's not even on the computer normally. Compare with how shops won't store large amounts of cash in the shop over time. You need a little money easily accessible and the rest stored safely.