said by therube: A project that is poor security-wise is just that.
Open or closed source makes no difference in that respect.
The only difference is the code is there for you to see.
+1
said by therube: And if you don't look, & if no one else looks, or if someone does look, but the program's author makes no changes to account for the issues, then that is just what you get.
In my (not so) humble opinion, the most important option of open source software - anyone can make changes to their own copy of the source code, and share the changes with the community, if desired.