It's probably been beneficial to them, given the number of people who've identified vulnerabilities in the code then responsibly disclosed them. Reddit's never had a serious security breach, which is doubt due in large part to no sensitive information being linked to accounts, but also because they've had quite a few people point out potential problems to them.

There's a lot to be said for free code review.