How are open source programs safe? Doesn’t open source make it easy for hackers to find vulnerabilities or contribute malicious code?


Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!


44 Answers

Anonymous 0 Comments

The best (readily available) encryption algorithms are designed in a way that is mathematically impossible to recover data from unless you have the password. Think of it like making a cake. Everyone has the recipe, but no one will ever tell if you put the salt or the sugar into the mix first unless you tell them.

Open source code is also constantly reviewed by a lot of independent experts to make sure it’s secure and reliable, so you can refer to hundreds of expert opinions or even your own knowledge and research. If there is a security issue, anyone can send their solutions in and the developers can review them and choose the one they think is best or use their own. For proprietary software, the publisher says “I promise it’s secure, honest”, maybe they add some actual references but there is no 100% transparent way for you to make sure it does what it says it does.

Most proprietary software actually includes a lot of open source parts, which also means that whoever makes the proprietary part has to review the open part for security to make sure their own product is secure.

For example, Chromium is an open source browser that most browsers are based on (Chrome is the closest to the original, but Edge, Opera and many others are also based on it), so all these companies work to make sure the Chromium project works as well as it can.

Android is also open source. Google adds their services to it, then phone manufacturers also add theirs, which aren’t open source, but they rely on the open source base, so that base has to be solid and secure before these companies even touch it.
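One way to see the "everyone has the recipe" point from this answer in working code (an added example, not code from the original post): a password-hashing record stores the algorithm name, the work factor and the salt in the clear, and only someone holding the password can reproduce the hash. The record format, the iteration count and the sample salt are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Every part of the "recipe" is public and stored next to the hash:
# the algorithm, the work factor and the per-user salt. The password is
# the only secret, and PBKDF2 is designed so the hash cannot be reversed.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000  # constructed value for the example; tune for your hardware


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-run the public recipe with the candidate password and compare hashes."""
    algorithm, iterations, salt_hex, hash_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)  # whole recipe visible, password still unrecoverable
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("guess", record))  # False
```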
