Specific to nonce there is nothing to worry about as there is a third private parameter which is kept in secret (one of the keys added in your wp_config.php file).
In general, there is no such thing as “closed source”, and all code can be read and interpreted by anyone that is willing to dedicate the time. The fact that it is easier for you to see how the code works do not make it by default better or worse security wise, and each case needs to be evaluated on its own merit.
In your case for example, the calculation of the nonce might be done perfectly but it might be made public because of some bug in the code.