You're forgetting about their health insurance, retirement, unemployment taxes, etc. I'm sure they get some tax-relief being a non-profit, but still, high end computer scientists are expensive.
Open source projects aren't really volunteer/spare-time/garage efforts anymore. The Mozilla and Apache foundations are pretty big organizations. A lot of projects are also run by for-profit commercial players like Redhat and Canonical.
A follow up tweet clarified that it was 10 people and not eight. But even that is a pretty high cost per employee I agree.
But the question is: Can you get a team of engineers that have the ability and crypto know-how to build something like Let's Encrypt in Canada for 1/3 of the salary?
I think it was kind of a joke with some seriousness to it. It's really easy for Canadians to move to the US to work. So a large chunk of the highly qualified Canadians do leaving less in Canada. Canada suffers a shortage of highly qualified people in many professions. For example medical professions have it really hard given doctors moving to the US can make multiples more than in Canada.
But they'd still be competing with Silicon Valley for top-end developers, who are going to be asking for a salary equivalent to their skills. You might save a little once you factor cost of living adjustments, though you'll also have to offset that with increased difficulty in finding the right person.
Folks who know security well enough to do this correctly are rare. You don't want to farm out critical X.509 infrastructure to the lowest bidder.
Open source projects aren't really volunteer/spare-time/garage efforts anymore. The Mozilla and Apache foundations are pretty big organizations. A lot of projects are also run by for-profit commercial players like Redhat and Canonical.