Open and Closed Case
Larry Seltzer has written more on the debate of the relative security of open vs. closed source code.
I'm not sure which side is right. But I think that Seltzer makes a good point when he notes that people review open source for the flashy bugs, not the grind-it-out security reviews that closed source companies should do.
Another valid point that he doesn't mention is that open source security is based on the assumption that with enough eyes, all bugs are shallow. I'm not sure if this is true or not, but the presence of longstanding security holes in open source projects may be an argument against.