While it's true that software is rarely audited, protocols are much more analyzed because they are expected to be read by humans. Fortunately, the DarkMail authors want to create a new protocol and have it be interoperable, so there should be an open protocol; that's the most important thing, and we must keep our focus on it.
In theory, but realistically very little FOSS is audited, and audits are not perfect (and we have to trust the auditor). We have to trust the authors.