That is the MS PR statement, which is completely BS. Open source has a lot more people looking at the code and uses a proven Unix security model.