People like to ask this the opposite way to lead people to think that open source carries some risk. But all of the risks are magnified when code is closed. This has come to light very dramatically recently as both Juniper and now Fortinet have been caught not just putting in backdoors, but doing so in security appliances. Other vendors, like Barracuda, have been caught doing this in the past. This is so common that it is nearly assumed that closed source vendors are closed just so that things like this, and cutting corners on quality and reliability, are harder to spot.
In a world where vendor after vendor shows that they cannot be trusted with closed source stewardship and there is no public oversight, why do companies and IT Pros continue to trust closed source software? Not that no closed source vendor is good, but with open source we have "trust but verify," while with closed source we purely have "trust someone who is hiding something and won't let you verify." It's more than not being able to verify; it's that they are specifically stopping you from doing so.