If there were a weakness in the client, it would be more likely to do with key management --- leaking a portion of the key (as Lotus Notes did once upon a time), generating keys from a non-obviously restricted set (viz. the infamous Debian "weak random generator" bug[1]), or possibly something more subtle. The presence of these behaviors might not be obvious from casual, or even careful, attention to the source code; the Debian thing was, by all accounts, just a bug, which nevertheless persisted for quite some time.

[1] http://www.debian.org/security/2008/dsa-1571