It is true that open source has a positive impact on development, but at the same time it is also an invitation to the bad guys by allowing more attack paths to be discovered.
A million eyes poring over something are better than one set of eyes hoarding or suppressing info that may trickle out. I'm not a fan of how Ledger conduct themselves compared to Trezor.