Benjamin,
Which development are you talking about that's going on in private?
Development of external authentication, at least, has been quite open. The spec has been up for months in a public, advertised place. Our design documents, too, have been public and announced. And during development, we have at most been one day's worth of work away from the last commit to the OpenACS repository. So it can't be external authentication.
Which developments are you talking about going on in private, then?
/Lars