I can think only of one downside that open source projects bring - they require more management.
There are more "downsides" than that, but that is probably one of the most important.
Many people have the wrong idea that Open Source is "just upload it on GitHub" and then everybody will be happy.
The reality is much more complicated:
- Educate Developers, because Open Source requires additional skills and concepts
- Decide the License: GPL, MIT, and so on...
- Crosscheck how to bring the code to this level of license
- Define Guidelines (companies have their guidelines, but in that case you need to write something for outsiders)
- Create Internal and External Workflow (Unit Test, CI, etc)
- Have at least one Developer and one "Community Manager" who take care of "community management" (Pull requests, Handling Complaints, etc)
- Decide if and how people could use the code (parts are handled by License, but what about API Keys availability for Server-Connection?)
And this is just a small list I made now. Even if somebody will not like it: Look how long it takes for Microsoft to open-source their .NET Framework, and they put a lot of effort into it (Manpower, Money, Commitment). Sure, the GoG Galaxy Client is not that complicated and therefore would not take over a year for a 45% Coverage of "migrate the code to Open Source". Still, it's not just "a bit more management"...
So will these efforts make a big impact on the development and evolution of the client?

Another Downside: Defiant children - Syndrome
If you observe the development of other "bigger" open source projects you will see that they took time to build their current state. And some of them can only work because there is a Repository Owner who just rejects stuff and doesn't comment on or even discuss some topics.
Nobody will be angry if Linus does it. But what about GoG?
What if they decline any "Reverse-Engineered Skype-Client with Ingame Chat" pull request? Some people would complain, some would make a fork, and suddenly we have several clients out there with an illegal feature. GoG will maybe be forced to stop these clients from working: So GoG will be the bad guy (not DMCA, not the forks)
And how many of you can remember the "good old days" when a friend told you he has a new modified MSN/ICQ Messenger which is really cool and you should also install it, and suddenly these clients were Scamware? Do we need something like that for GoG?
As for the installer: I don't mind if it's open source. The possible risk/impact is quite low.
As for a client: I don't see any real reason for being open source because the possible risk is too big (if you have a steam-like client in mind in features and functionality ... except the DRM)
Just some additional words about the Overall "Open Source"-Religion: Misunderstandings
Open Source is no guarantee of trust, security or stability. Open Source is just an opportunity.
What?! But!
Open Source gives the opportunity to check the code. It gives the opportunity to make penetration tests and see if anything is strange. But in the end somebody has to do it and anybody else has to believe/trust in him/her.
In the last 1.5 years we saw many open source projects fail in security. Some of these bugs were really old and nobody found them. Because nobody checked it. Everybody believed that "someone would do it and would write if something is strange". Just because Edward Snowden appeared (and hinted that some popular Open-Source has big flaws), a few people started to do the dirty work and make checks... so by coincidence really old bugs were found.
The same goes for trust.
WhatsApp now has the TextSecure Encryption implemented. Still, nobody could check the servers (And there are some assumptions that it is not well implemented).
If you bring it to GoG Galaxy: Nobody would know if the client or the server would be 100% as the source code is. And because some crucial information is not in the source code (let's say API Keys for the service) we could not cross-check by just compiling the code and running it.
You even saw it on TrueCrypt -> It took quite a lot of work to audit the software. Even if it was open source...

It goes down to two simple questions
How many of you are able to contribute by coding? How many of you are willing to do it? Because: "Somebody" is in the end often just "nobody".