That is why people are comfortable open sourcing things like this. It is good publicity and they don't loose anything. On the other hand curious devs get to poke around and wonder how their copilot prompts were processed by the plugin. Or how it handles attaching files to context. And even what it sends in its payloads.

Of course most of the value is on the API service side. That holds true for most applications these days.