So much of the internet depends on OpenSSL as we found with the Heart Bleed vulnerability. I don't think that OSS is any less or more secure. I've certainly seen non-OSS that had me walking around the back of the building ranting at the bins.
For me the important thing about any tool is that it allows me to ratchet up what i do in terms of productivity, quality and ability to share code. Every step forward is a step forward, a new bridgehead. Waiting for the perfect tool is fruitless, not least because the one thing IT teaches you is that requirements are a bit crap and subject to change. Only when something is in the fire of production can we truly test its metal.