>> "Can you trust [NoScript] without the code review? Is anyone going to audit it,
>> or continue assuming it's OK for anonymity?"
> Whom ever told you that is spreading false information
>The NoScript extension contains the source code. You just need to unzip it.
>The whole source code is publicly available in every each XPI.
You introduced the "Red Herring" fallacy. The original subject here is a lack of the security review, and not a lack of the published source code.
There is a big difference. One can download and look at the code all day long and still miss something like an allowance for a certain dynamic encrypted advertisement/backdoor frame. Or something like this: https://adblockplus.org/blog/attention-noscript-users
A couple of years ago or so, one of the Tor developers replied in this blog that NoScript has not been audited due to lack of resources / low priority / whatever.
Unless already being done, a regular security audit of NoScript code is still needed.
More information about formatting options
Drupal Design and Maintenance by New Eon Media
Drupal Development by Chapter Three