Most organizations restrict access to the source code to engineers, and even at places like Google, the Android source code is kept off-limits to most engineers within the company. Why?

Note: I am not talking about write access for everyone in the company, I'm talking about read access.

Kevin Burke
  • Who else would need to know the source code? – Jan 16 '12 at 20:57
  • It's called code for a reason :) – Venki Jan 16 '12 at 21:25
  • The organizations' financial spreadsheets are closed to most folks also, except for the CFO's team, the execs, and the board. Even in a non-profit, that's usually the rule. – Ross Patterson Jan 16 '12 at 21:44
  • Pretend you are the business owner. You just sunk a few hundred thousand dollars into creating a product. What are you going to do? Charity is nice, but so is feeding your family. – Lord Tydus Jan 17 '12 at 02:51

4 Answers

Because source code (being a major component of a company's product) is a valuable asset. And like any good company, you protect your assets.

In the case of physical assets, you put them behind locked doors to prevent them from being stolen. Only the trusted are given keys to those doors.

For source code, you restrict access to those who need it, which is pretty much just the engineers who are working on it. Everyone else just needs the compiled binaries.

Michael Kohne
Off the top of my head:

1) Security Issues: If everyone had even just read access to source code, then a hacker would have a wider range of possibilities for accessing the source code. Further, it widens the possibilities for malicious hackers to exploit weaknesses in the code by seeing the source (e.g., knowing password rules to crack secured data).

2) Intellectual property issues: along similar lines to 1), it would be easier for individuals to copy the source code for illicit use. Code could be expropriated by third parties, unauthorized versions could be compiled for use, etc.

And that's just with read access. With write access you open up even bigger cans of worms: accidental and/or malicious removal or edits of code, commits of code from unusual locations, messed up code revision trees, etc.

Think of it this way: would you let just anyone open up your computer/car/body and let them poke around? Even if they didn't have explicit tools or access to some aspects of it/them? What could possibly go wrong?

joshin4colours
  • Mostly #2; simply concealing the source code usually doesn't do much for security. I've seen no good evidence that F/OS software is less secure than proprietary. – David Thornley Jan 16 '12 at 21:20
  • @DavidThornley Good point, and I agree that it's a pretty weak security measure. However, I'm sure you could find people in software who insist this be done as a security measure, good idea or not. – joshin4colours Jan 16 '12 at 21:30
Source code should probably be open for all employees, at least those that have signed a non-disclosure agreement, or whatever the company in question feels they need to threaten people with.

The "security" concern is vastly overblown. It's an open secret that bespoke enterprise software has had little concern for security in its design and construction. Anyone with a fuzzer can generally find as many security holes as they want. That's why most enterprises have their intranets heavily firewalled, and some even have an air-gapped "engineering network" for production systems. Any of the multiplicity of developers that work on any given application can pretty much crash them at will.

The only security concern that's viable is if developers keep passwords (oracle, or OS or whatever) in the source code. But that's a completely separate concern really. Any decent security standard will forbid that absolutely.

Mathematically, there's no security advantage to closed source. See this and this and the first part of this. Anecdotally, reality works as the math says.

"Intellectual Property" issues are an entirely different beast. Given revelations in the SCO Linux Trials, companies may be protecting themselves from outside legal threats as much as they're keeping their own "IP" from leaking out. Nevertheless, the benefit obtained by opening up may be greater than the detriments imposed by legal threats. Very few data points exist, so I believe that the "IP" lawyers or the "Risk Managers" are declaring source closed solely out of superstition. It's easier to say "no" than it is to say "yes" for the usual apparatchik in a corporation.

Bruce Ediger
  • Disagree. IP theft is far more common than you might think. It is mostly kept very quiet because it is embarrassing. – quickly_now Jan 16 '12 at 22:36
  • Pics or it didn't happen, as the saying goes. I've worked at a lot of places, and either "IP" theft doesn't happen or it doesn't matter. There, my assertion is as good as yours. – Bruce Ediger Jan 16 '12 at 22:52
  • @BruceEdiger Read [The Dark Side of Software Engineering](http://www.amazon.com/Dark-Side-Software-Engineering-Computing/dp/0470597178). Case study after case study and court case after court case of hacking (unauthorized access by employees as well as outside entities), information theft, espionage, and disgruntled employees making private information public. It happens and it matters - it costs a great deal of money, time, resources, and the public's trust in a company. – Thomas Owens Jan 17 '12 at 00:15
  • I personally know of a case where the victim didn't even know about the theft. I also know of a number of cases where products I worked on were ripped off (copied) by competitors and the only thing that saved us was that they had no access to software source code or even compiled object code. – quickly_now Jan 17 '12 at 01:56
Just throwing some suggestions out there:

  1. Perhaps the source code is sitting on a separate repository, which means admins may have to set up new accounts for every Tom, Dick and Harry who wants read access. In that case the admins are likely to only set up accounts for those in the team. This is true at my work, even though we have only about 300 people.

  2. Perhaps they don't want to support dozens of different versions all downloaded from random revisions of the trunk.

teambob