alefort good question
Contract audits are generally fairly expensive. Our upcoming audits (one from Spearbit and tentatively from CodeArena) are from 110k to 140k, for a total of 250k for a single large code release. This is obviously not desirable to do often, but it is necessary to have some assurance of the security of our contracts. To add on, we had a 30k$ audit for the bonds code, and are currently auditing our incurDebt contracts. As you can see, the bill quickly adds up. If we are to attempt at least 2 major release and many minor releases in a year, it is very easy to see how 500k could be used.
I do not want to skimp on audit costs, as I think paying for quality security reviews far outweighs the risks of not having them in the case of a catastrophic exploit.