if anything shows that open source is not inherently more stable and secure:
from the article:
Marshall Kirk McKusick, the original developer of the *dir() library, commented on the issue in a personal conversation with Balmer:
As the original author of the *dir() library, you probably fixed one of my bugs :-). Prior to the *dir() commands, programs just opened, read, and interpreted directories directly. I had to update a shocking 22 programs (a large percentage of the programs available on UNIX at the time) to replace their direct interpretation of directories with the *dir() library calls.