>I don’t get how it can be secure if malicious actors have access to the source code and the entire software package to practice their attacks against

It’s secure **because** malicious actors have access to the source code and the entire software package to practice their attacks against, which leads to any existing security holes being exploited, which leads to them being detected, which leads to them being fixed.

The best analogy I read is that open source software is like a rat which grew up in the sewers, while closed source software is like a rat which grew up in a sterile scientific laboratory. Which rat do you think would be more resistant and would come out on top?

A perfect example of this is Bitcoin (open source software), which was never compromised in 15+ years since it’s existence, even though the “reward” for doing that would be measured in at least tens of billions of $, while banks and crypto exchanges (closed source software) get compromised every day, for a far smaller “reward”.