
It's a problem with the people who make that assumption. Not everyone does.

Just because you have examples of code that wasn't reviewed properly doesn't mean it applies to all open source software. I personally have my eyes on open source quite often, and I know many others who do. I also know we wouldn't have our eyes on it if it weren't for the source.

Really, software being open source doesn't make it secure. It's just a precondition that allows us to find out if it is secure (and fix it when it isn't). If it isn't open source, then we should assume the worst, as we likely have no other way of knowing whether it's reasonably secure.


