I would agree that in general open source software is less likely to contain such things, since anyone who inspects the source would find the bad stuff.
Especially since F-Droid packages are mostly built from source on F-Droid infrastructure, and all source tarballs are kept forever. That way, even if something slips through, it can be tracked down.
https://f-droid.org/en/docs/FAQ_-_General/#whats-the-differe...