Comment by ivell

I think their point is that the source being open keeps the developers more honest. Of course there have been supply chain attacks in open source, but that is more probable to be found out than closed source ones. In short, auditability improves security.