I meant the opposite way too:
You can't trust what Mega is giving people, especially since it's yielding insecure XSS natively:
https://arstechnica.com/information-technology/2013/02/seven-vulnerabilities-found-through-megas-security-bounty-program/
https://it.toolbox.com/blogs/rmorril/kim-dot-coms-new-mega-site-has-xss-security-holes-012113
https://www.pluginvulnerabilities.com/2017/10/17/vulnerability-details-reflected-cross-site-scripting-xss-vulnerability-in-max-mega-menu/
http://www.h-online.com/security/features/Mega-facts-1789685.html
unlike pomf clones being open source.