I've been working on putting together an open source project for credit card payment systems. I've worked as a lead developer in this area for about 9 years now. One of the main challenges faced in this project is that some processors require strict NDA's. Also, by processors I don't mean the likes of Authorizenet, Verisign, etc.. I mean the real processing networks such as Vital, FirstData, etc..
Most of the code could be open source without any problems, but the pieces that implement the API's of the processing networks will be restricted in varying degrees. For some, I might be able to distribute the source, but for others I can't. I need a way to hide the source for particular modules. This isn't a case of security versus non security, it's a case of working withing the rules as they are, whether they make sense or not doesn't really matter at this point. They just are what they are.
The main reason these companies don't want anyone not bound to their contracts getting ahold of the source is that changes require re certification, and amateurs changing the code without knowing what they are doing can have some rather bad side effects.
Now all of that said, the code that implements the processing API's would only be about 20% of the overall project. There would be a lot more features and layers on top of the processing code itself.
I really do not want to go to Java or Python, but for this project to work some modules must be delivered without the raw source. Does anyone have any ideas on this? It seems the perl compiler has been put on the back burner, and I've taken a look at the encryption modules but am not sure if those would work for something like this?