Good software is written by good developers, reviewed by competent people and tested thoroughly. Bad software is not. Making something open source does not magically make these things occur.
*Popular* open source certainly has many competent people working on and reviewing it, but some commercial software also has these traits.
There are security issues in almost every (non-trivial) application written. Open source has the advantage that competent people who wish to review open source software can; they can then make improvements and feed them back. Security issues can also (often) be fixed faster due to the ease of fixing and feeding back.
But for most software (excluding the really popular ones) assuming it is safe because it is open source is a risky belief.
Being closed source does not mean "there's no problem", although I find *most* developers (open or closed source) don't have a good understanding of application security.
P.S. I see the irony in my generalisations.

































