What is intrinsic in closed source products that makes them less concerning? Could a financially backed open source device have equal quality, safety and review?
There is no fundamental reason, the tricky part is (as always) cost and expertise.
For all the issues in medical device engineering, the bar is higher than most people (particularly in software industry) have worked in. Obviously there are other areas too (e.g. aerospace), with similar or higher bars.
Your project will benefit by finding people with experience in hazard analysis and risk mitigation, testing, SDLC management etc. They either have to be motivated to do this on their own or payed, or a mix. Hopefully you'll find people familiar with ISO13489, IEC60601, IEC62304, etc. - not because you'll want to audit to these standards, but because the people will also be familiar with what's needed.
Basically, to have the quality where you want it to be, you need to do the work. The flexibility of such a system is great, but in terms of verification and validation, the amount of work could become exponential with the configurabilty - so you are probably going to want to concentrate on some specific configurations pretty rigorously and encourage them for "real" use.
Systems, particularly safety-critical systems, are tested in specific configurations (inputs, users, integrations).
If you change the configuration, you encounter the possibility of finding new bugs. When someone's life is tethered to the device, this will make engineers (and lawyers) properly twitchy.
For a perfect example of this, have a look at the the Ariane 5 [1]. Existing software was used in a new configuration and when it encountered an untested condition the software crashed, resulting in the rocket self-destructing.
Now, consider, you're adding bluetooth to a safety critical device - this is a protocol stack where people can't get their phone to connect to their car, and my Android phone occasionally needs to be rebooted before it will connect to my headphones.
For all the issues in medical device engineering, the bar is higher than most people (particularly in software industry) have worked in. Obviously there are other areas too (e.g. aerospace), with similar or higher bars.
Your project will benefit by finding people with experience in hazard analysis and risk mitigation, testing, SDLC management etc. They either have to be motivated to do this on their own or payed, or a mix. Hopefully you'll find people familiar with ISO13489, IEC60601, IEC62304, etc. - not because you'll want to audit to these standards, but because the people will also be familiar with what's needed.
Basically, to have the quality where you want it to be, you need to do the work. The flexibility of such a system is great, but in terms of verification and validation, the amount of work could become exponential with the configurabilty - so you are probably going to want to concentrate on some specific configurations pretty rigorously and encourage them for "real" use.