Hacker News
by caller9 3746 days ago
More eyeballs actually may mean secure code, but only if those eyeballs know what secure code is and if those eyeballs can be bothered to check out the source code.

Security software cannot be trusted really unless it is open source and people that know what they are doing look it over. Then you build it yourself on your own system and checkpoint every change you merge in.

Almost nobody does this. So you end up with OpenSSL's Heartbleed and other problems due to plain insecure coding in combination with actual protocol weaknesses.

It's hard to write secure software and algorithms. The guys writing GUI code care more about performance than security. If your UI is running as root, it is not secure.