could someone with a good understanding of networks, programming, encryption and poker answer some questions about poker software security?

SealsWithClubs uses Poker Mavens software by Briggsoft, the FAQ of which can be found here. it states that the source code of an older version of the software can be licensed out for 10,000$. briggsoft also states that they use a card-shuffling algorithm the source code of which they provide. this does not necessarily mean that the source code provided on the website is the same one that they use for poker mavens, but for the purpose of the question i'm about to ask, we will assume that it is.

is the fact that you can buy the source code a potential attack vector? e.g., you buy the source code, hire someone competent to find vulnerabilities within it, and then exploit said vulnerabilities to grant yourself an unfair advantage (whatever the advantage may be - from seeing the holecards of another player to knowing board runouts beforehand). right now there are games running for what would be the equivalent of $80/$160 blinds, which means spending $100,000 (the actual figure doesn't matter, let's say $10,000 for source code + $90,000 hacker fee for simplicity's sake) to find exploits is a very worthwhile endeavour, as you can make the money back in a very short period of time if you are smart about it and the long-term returns are even greater.

all of the above assumes that whoever is running SWC is legitimately trustworthy.

but if they are not, and they have access to the source code, it means that they can alter the client in whichever way the want, which would potentially allow for the unfair advantages to exist for a few special people.

am i correct?

Yes, you are correct.

Yes, and no. Just because they sell the source code, doesn't mean the company using said code didn't tweak it. Also, the code may have been studied to exhaustion to guarantee no flaws.

i don't think there are any meaningful calculations down client-side. The best thing you can do client side is to fake DCs or remove some security features to allow for easier botting.

Not really. If the code has been written with a good security rules, than even with having it you can basically do nothing.

I disagree with above, client hacking would make it extremely easy for botting and the only server side would be communication with cards of dealt to players. The server just handles who has x cards that gets sent to whatever client player's id is at the table.

Hacking the client to then be able to bot freely would be worth the person's time if he had a really good bot.

This wasn't the question. The question wasn't would it be possible to bot undetected, the question was would possessing the randomization algorithm grant some sort of unfair advantage in terms of deal prediction.

The answer is no, assuming the software is competently written. There was a famous case in the early days of online poker where Planet Poker's shuffle could be predicted, but that was 15 years ago, at a time when there was a lot less money backing online poker sites. (I played in the early days of Paradise Poker at about this time and I remember one time we got over 2,000 players on at once and thought that was staggeringly high. It lagged their server to breaking point. I later learnt that Paradise was being run off a single Pentium PC).

I think all poker sites now have a hardware RNG. They are cheap and uncrackable.

Thanks for the heads up, I remember reading some stuff about the olden days of poker but wow, running off a single Pentium PC
Have to find some time to read the link.