One more comment on FOSS and security: it’s true that you can’t assume that just because software is available, people will review it. However, given the vast number of serious flaws with commercial software, the opposite is also true: you can’t assume that just because software is commercial that it’s been reviewed either! Actually, with this regard, open source and commercial software comes out about the same. From a practical standpoint, you need to look at each software product, and evaluate it on its own merit. It might be true that American’s are overweight, but mostly thin people compete in triathalons. So don’t rely on the law of averages when it comes to your security.
Studies have shown that the transparency of open source has lead to a slight advantage in code quality in terms of fewer bugs per 1000 lines of code. Also, the response times for open source projects fixing bugs is faster. You may want to take comfort in these facts!