Goko will simply have to build that from scratch and can't do it by answering your question.
I agree with the first part and disagree with the second. At this point, all we've heard is that they're going to fix it and they care about security. Their actions and the fact that mistakes of this caliber made it through to a beta machine (let alone a production server) provide a good reason to think that security has not, in fact, been a huge priority thus far. I don't personally have the skill to audit code, and I highly doubt Goko is planning on opening their code for us to inspect anyway. So, the best way I see for them to regain that trust is to answer LastFootnote's questions. They need to tell us what procedures they have in place, concretely, to inspect and verify their code, since we can't trust their programmers to do it on their own. If they have an external auditor—and at this point they should—they should tell us that too. Basically, we need to know how their development process incorporates security.
Here's the kicker, for me. Having a process to ensure security is something that any non-fly-by-night programming operation does, already. We're just asking Goko to follow security practices that are commonly accepted. The only difference is that, because Goko hasn't followed those practices thus far, we are asking for the details of how they implement those practices. I think that's a pretty easy bar to clear, and if that's a contentious point for Goko, then I am running as fast as I can.