I really like having source code available when diagnosing code problems. Of course, the source code for my company's code is available. However, source code is not always available for third-party libraries, and is rarely available for remote services.

For third-party Java libraries, it's possible to use javap to disassemble the code, which is something I've done a number of times. Sometimes the class files are obfuscated, so the class names are 0.0 and 0.1, and the method names are 000001 and 000002. In those cases, it's generally not worth it to go through the disassembled code.

For remote services, the usual thing to do is to dump the network traffic with tcpdump. It can show if our code is sending something wrong. But when SSL is being used, it's not as easy.

The good thing about Apache code and a lot of other free code is that the source code is available in publicly readable source control repositories, which means the revision history is available, which is also helpful.

There usually is documentation, but it can be ambiguous and there can be undocumented behavior. Having the source code usually more than makes up for shortcomings in the documentation.

When I look at third-party source code, it's usually not because I think there's something wrong with it. It's usually because there's something wrong with how I'm using it, and looking at the source leads to learning how to use it correctly.