Another Open Source FUD by 'famous security experts' who don't know what they are really talking about. Open Source can be very powerful and safe as people could review your codes and make suggestions and patches to fix flaws. It is because of the common FUD about Open Source that is being popularized and looked down upon by certain huge organizations (including Trend Micro) that simply tarnishes people's view of the Open Source world.
Nothing is perfect... including the Close Sourced world. Security by obscurity is largely useless these days and seldom applicable anymore with decompilers and high powered processing units and secure connections in the hands of the common people.