I think you’d want the money to be held by an organisation which is respectable and has some backing and track record - e.g. the OSI, FSF, Linux Foundation, Software Freedom Conservancy - orgs like that are unlikely to redirect the funds into something completely unrelated.
There does need to be some flexibility however - e.g. if a project is defunct and nobody wants to work on it, it is stupid just to leave funding in a bank account forever. But if you give it to another open source project (preferably one in the same area) I think that is fine. Adding it to the coffers of a for-profit company isn’t.
And it might be reasonable for a not-for-profit to contract with a for-profit firm to administer such a funding scheme - but they should only be trustees of the funds (so if they go bankrupt the creditors can’t touch it) and they only get paid a defined percentage as a fee for service.