Usually open-source software is published in public repositories such as GitHub, so it can be easily found and modified.
How secure is it to use this wallet? Where are the private keys stored?
I'm planning on publishing on GitHub, but I wanted to document the code first. Follow the instructions in the initial post and it is very easy to get the source code.
The private key is stored in the browser only. It is stored plaintext if not encrypted, but is encrypted using CryptoJS's AES if you set a password. You won't be able to crack that without someone discovering your password.