Yes, Reddit's source code is published on GitHub. But that doesn't mean that this is the exact same code that is powering the website. There is absolutely nothing stopping them from applying any modifications they want on top of the published code, or even running an entirely different version of it.
Open source software is great, but only if you can verify that you are using software built/running from verified source code, and there is no way to verify that with a website running on someone else's servers. When a web service states that the source code of their service is published doesn't mean that you can undeniably trust it just based on that.
Are there ways the publisher of the website can submit verifying information to the public (without compromising their website's security and whatnot)? Would that kind of dissemination of information have to be made periodically (every few weeks or so)?
I'm not sure how could this be done in a verifiable way. They can post hashes that would be the same as published source, but there will be no proof that the hash came from their live server. Even if they could somehow prove that the files on the server are the same files that are published, who's to say they don't have a standalone plugin of some sort that implements certain changes and features through a backdoor.
There are legitimately trustworthy companies that are in the same boat. Because they can't prove that it's the same open source software, they have to rely on people's trust in their name, which is never going to happen for Reddit.