Can find the article about a well known open source project but vaguely remember the gist of a security article being....
Although there can be 1000+ people contributing to the an open source project there can by around 10 people who contribute to the security features. So if there is a conceptual bug in the security the chance of finding it is 1 in 10 developers, plus all black hats who know how to read code and find exploits.
Security is always about making yourself look a lot harder and less inviting target compared to everyone else. Open Source is the same as making the front door and the locks out of glass. It just makes any weakness easier for the hackers.