That chasm is also occupied by others such as these subcontractors who are careless with security policies and end up causing the leaks. Is that the space they want to stay in? I don't think it is. And if they decide to move towards any direction, I hope it's the "yes we want to open source" direction so that the leakers don't have anything to go after anymore. They may even become good open source citizens in the end.

I don't think that's a relevant part of the consideration process. Open source is not a security strategy. Breaches happen at companies who open source their software too.

You are correct that it's not a security strategy by itself. But it can be part of a larger overall security strategy.