Comment by emodendroket

I think there's no question that auditing open-source software is easier, but it can be harmful if auditing actually basically never happens yet people wrongly believe that all the open-source software they're installing must be audited. At that point it's not any better than relying on the fact that technically someone could disassemble binaries to try and inspect them without worrying too much about whether that happened.