You are advising users to use CSipSimple nightly builds, but there are no OpenPGP signed downloads CSipSimple's download page, not even https. Using unverified software for supposedly secure communication seems to me currently the weakest link in the security chain.