With open source, you have hundreds to thousands of people reading and rereading each line of the code. This means that if a bug or safety issue is detected, it can be patched before it’s been used for wrong doing. It’s not to say wrongdoing can’t happen, but that it’s less likely simply because so many people understand how something works.

With closed source, you have a significantly smaller team of people who build a software, and they pretty much rely solely on reports to solves problems. No reports = no fixing. This leads to the possibility of many different security issues that need to be fixed. We’re a human, and they commit human errors. As a programmer myself, I can’t tell you how many times I’ve written something, believed it should execute a specific way only to spend hours upon hours trying to find an issue that was right in front of me the whole time.

It’s just a mathematical thing, really. The number of fresh eyes with different experiences and different areas of expertise vs the eyes who wrote it (or inherited it and don’t even actually understand who’s going on).