First off, there are a lot more eyes on open source code than closed source. Which means that potential vulnerabilities have a much higher chance of being found and patched in very short order.

Second, open source software cannot obscure such vulnerabilities. People can see them, write blogs & reviews about them, and openly criticise the developers for not patching or fixing them. With closed source, the developers can simply ignore known vulnerabilities and hope that they won’t be discovered or exploited in the wild. However, this is unethical, and is considered bad practice as it violates the trust between developers and consumers.

Third, just because you know what security measures are in place, does not mean that you have the capability of defeating them. Typically hackers gain access to a system by finding and exploiting a bug or vulnerability in that system that has not been patched. If no such bug or vulnerability exists, then the software cannot be hacked in this way. However, hackers do often exploit the human element to gain access to a system. This is something that cannot be patched, and is far more common.

The main threat that comes from source code leaks is revealing proprietary code that competitors could potentially replicate. It also exposes vulnerabilities that developers have obscured and can damage their public reputation. Additionally, a source code leak usually implies that there was a lapse in security that allowed such a leak to happen in the first place. Which also hurts the company’s public image.