Every cost is detailed and noted in a document the entire core team has access to. However, there is information in that document that could potentially compromise people who wish to remain pseudonymous / private (eg. the transaction ID of BTC payments reveal their address). Coupled with that is the very real probability of the information being used to criticise us, which means we'll waste more time explaining why we spent X on Y than on getting things done.
We can fix the first problem by not revealing transaction IDs, for instance, but then there's no verification of the information.
We're open to a discussion about how we can solve this without opening the trollgates and without compromising anyone. However, I think that is a discussion we should table for a later stage, as right now we're covering the bulk of the costs out of our pocket so the only people we'd affect is ourselves:-P