The development and auditing processes around electronic voting implementations are much too often deficient; this is particularly true for the measures taken to prevent cryptographic errors-potentially with grave consequences for security. To mitigate this, it is common to make the code public in order to allow independent experts to help uncover such flaws. In this paper we present our experiences looking at the IVXV system used for municipal and national elections in Estonia as well as European Parliament elections. It appears that, despite the code being public for over five years, the cryptographic protocol has not seen much scrutiny at the code level. We describe in detail the (lack of) auditability and incentives which have contributed to this situation. We also present a previously unknown vulnerability which contradicts the claimed individual verifiability of the system; this vulnerability should be patched in the next version of IVXV system.