It’s simple really, you have two people selling you a padlock, one has a challenge for anyone who can break it to earn bragging rights, the other comes in a black cardboard box that you can’t remove. Would you lock your stuff with something that tells people “I’m secure, prove me wrong” or with what can be anything from a padlock that will close and never let you open it again to an empty cardboard box that anyone can break with their hands?

It’s the same thing with software, you need to realize that for every black hat (what people refer to as hackers) out there there are dozens of white hats (security experts that earn their living by finding and reporting security flaws in software). So for open source software that means that the chance of a security issue being found by a white hat is much higher, and if it’s found by a black hat you have millions of people trying to figure out how he did it, where’s the vulnerability and how to fix it. Whereas for closed software you never know if it has been breached, and white hats can’t investigate and find a solution, so you depend on the security team from the company (which is most likely a small team of maybe 5 people of we’re being generous) to figure it out and make a fix.