It's important to put open source into perspective. FLOSS is one way to assess data security; however, it does not always deliver, because it has very narrow and false assumptions built right into it.
Open Source

What is open source, how does it differ from closed source, and is one better than the other? We'll look at a summary of why open source isn't always the answer.

Cool! But "I don't know what the company is doing because I can't see the source code." What if I were to tell you the same could be said of open source code? Take this example: if I were to put out a project thousands of lines long for everyone to inspect, I wouldn't write a subroutine labeled #browserpass-snooper. Rather, I would put a 1/10 bit of code in one section that is handed off to another bit in another section, then several red herrings, then on to a third… making it almost impossible for anyone to see it.

Snooping out these traps requires a good auditor: a very valuable programmer who commands a very high salary. Thus, they are small in number, with many temptations to do audits of software they're not developing. Now, imagine how many terabytes the source code for MacOS, iOS, Android, etc. is. Who has the resources to audit that? What of the ever-changing updates and upgrades, each requiring the audit to be reset?

For open source to be viable for its end users, the project should be small enough and well written enough that it can be reviewed by humans, and that no hard-to-find vulnerabilities have been purposefully inserted. This leads to another point: almost all, if not all, FLOSS projects are non-profit. They're absurdly underfunded given how widely used these projects are.

The only way for us to have privacy is if all (or most) of us have privacy. Trisquel, TAILS or QUBES are generally recognized as among the most secure OSs. Only a tiny number of computer users run them, and despite over a decade to become mainstream, their installed base is minuscule. So, broader privacy protection that the other 99% will use has to be part of the solution.

FLOSS has an important place, especially for smaller projects like OpenSSL or OpenVPN. LibreOffice might be at the transition point of how large a FLOSS project can get while still being verifiable.

It is unpleasant when FLOSS purists hold up FLOSS as the only way to be sure. Given the above points, to have a two-dimensional outlook seems closer to a religion than a practical solution. It's not a pick-one-and-forget-it scenario. Be open to a variety of approaches, each tailored to one's threat profile and the trade-offs one can afford.