I had another thought about the Open Company Test. There are many individual cases where it may not be appropriate to disclose certain information (e.g., security-sensitive bugs, or private customer data in a support request). But the best way to handle those cases is to publish a clear policy, in advance, detailing under what circumstances information will be kept private. For example, take a look at the Mozilla Group's security bugs policy. Having such a policy gives the company flexibility to be private when it may be required. And being upfront about the policy reinforces the trust between the company and its users.