You can expect anything you want in software you use, and choose not do you software that fails to meet expectations.
A software author who takes pains to publish his work and who accepts financial donations, is likely interested in maintaining his reputation and improving his skill and quality.
Finally, security bugs are in a class of their own. Giving out free junk is OK. Giving out free secret poison is not.
> Finally, security bugs are in a class of their own. Giving out free junk is OK. Giving out free secret poison is not.
It is not if it was done maliciously. If the code you got for free contained some mistakes it's ultimately your responsibility - You didn't have to take that pill you got at the party.
Accepting donations could change this, but I would say it depends on how they are presented - "campaign donations" ala Joey Hess or "Hey thanks for the the party last night, here's $40 to cover some of the booze!"
Alternatively, I'm curious how you feel about companies offering you "free email, free search, free image hosting, free social media" etc, (actually, in exchange for all your behavioral data) ((actually, even if you never directly accept anything from us))?
If that's true I don't feel entitled to expect anything here.