On the other hand, it's easier to find a business model that doesn't rely on source code secrecy when you're a platform provider like Red Hat. Red Hat Enterprise Linux, JBoss, OpenShift Online/Enterprise - these are complex technology platforms, where people are willing to pay handsomely for Red Hat's quality assurance, sustaining engineering, security threat monitoring, software delivery mechanisms, certification programs (for software, hardware and staff), supports services, consulting services, access to our customer community forums, etc.
By contrast, when your main product is a relatively straightforward web application that could be deployed on top of a PaaS, then the idea of potential customers "rolling their own" using your open source version is a much more significant strategic threat.