Basically, yes, that's the point. Publishing the source code of the client allows the users to be sure that FileRock (Client) isn't "secretly uploading encryption keys to the servers". But please note that the server is not just an abstracted hard disk: it has a role in efficiently checking the integrity of your data, which goes beyond the encryption. For instance, FileRock is able to efficiently detect whether the data has been tampered by deleting a file. Although some of the work is done on the server, the client can counter-check its answers.