Security
The audit trail
The .ipfs contracts are a minimal adaptation of the "wei names" codebase. That base was reviewed by three independent security teams, and every line that changed on the way to .ipfs is public. Nothing is taken on trust: read the reports, then read the diff.
What changed from the audited base
A complete, line-by-line comparison between the audited wei-names contracts and the deployed .ipfs contracts, hosted on this site. If a change is not in this diff, it does not exist.
Audits reduce risk; they do not eliminate it. The contracts are immutable and ownerless, which means no one can patch them, for better and for worse. Never commit funds you cannot afford to lose.