Both yes and no. On the one hand, since a lot of people can take a look at the source, it's harder to intentionally introduce malicious code. On the other hand, a lot of projects have no formalized security tests and rely on software that checks for certain patterns in the code that could introduce flaws.
The best example is the OpenSSL bug introduced in Debian because Valgrind reported uninitialized memory. The alleged "fix" reduced the overall randomness of the system because the coder and reviewers didn't see all the implications.
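To make the failure mode in that answer concrete, here is an added illustration (my own code, not the answer's and not OpenSSL's). It models an entropy pool in the shape of a hash-mixing seeding loop: every round folds the previous pool state, the process id, and a caller-supplied buffer into a SHA-1 digest. The "patched" variant skips mixing the caller's buffer, which is the effect the Debian change had on OpenSSL's seeding code, so the only per-run input that survives is the process id. The pool layout, the four seeding rounds, and the use of SHA-1 are simplifications chosen for the example, and the seed buffers are constructed at random purely as sample input.

```python
import hashlib
import secrets


def mix_pool(pool: bytes, pid: int, caller_buf: bytes, *, mix_buffer: bool) -> bytes:
    """One simplified mixing round (example model, not OpenSSL's md_rand.c).

    pool       - previous 20-byte pool state
    pid        - process id, the only non-buffer input this model mixes in
    caller_buf - entropy supplied by the caller (e.g. /dev/urandom bytes)
    mix_buffer - True: fold caller_buf into the pool (intended behaviour)
                 False: skip it (what the Debian patch effectively did)
    """
    h = hashlib.sha1()
    h.update(pool)
    h.update(pid.to_bytes(4, "little"))
    if mix_buffer:
        h.update(caller_buf)
    return h.digest()


def derive_key(seed_inputs, pid: int, *, mix_buffer: bool) -> bytes:
    """Run all seeding rounds and return the final pool as the 'key material'."""
    pool = b"\x00" * 20
    for buf in seed_inputs:
        pool = mix_pool(pool, pid, buf, mix_buffer=mix_buffer)
    return pool


def fresh_seed_inputs(rounds: int = 4):
    """Constructed sample entropy: each run gets fresh random seed buffers,
    standing in for the bytes a real program would feed the pool."""
    return [secrets.token_bytes(32) for _ in range(rounds)]


def distinct_keys(runs: int, pid: int, *, mix_buffer: bool) -> int:
    """Number of distinct keys produced by `runs` independent runs under one pid.

    With mix_buffer=True every run differs (fresh entropy each time).
    With mix_buffer=False all runs collapse to a single key, because the
    pid is the only input left and it is the same for every run.
    """
    keys = set()
    for _ in range(runs):
        keys.add(derive_key(fresh_seed_inputs(), pid, mix_buffer=mix_buffer))
    return len(keys)


def keys_across_pids(pids, *, mix_buffer: bool) -> set:
    """All keys reachable over a range of pids.

    With mix_buffer=False the whole key space is bounded by the number of
    possible pids, so an attacker can enumerate it and precompute every key.
    """
    return {derive_key(fresh_seed_inputs(), pid, mix_buffer=mix_buffer) for pid in pids}


if __name__ == "__main__":
    print("intended seeding, 100 runs, distinct keys:",
          distinct_keys(100, 1234, mix_buffer=True))
    print("buffer mixing removed, 100 runs, distinct keys:",
          distinct_keys(100, 1234, mix_buffer=False))
    print("buffer mixing removed, keys reachable over 1000 pids:",
          len(keys_across_pids(range(1, 1001), mix_buffer=False)))
```

The second count is what makes the bug exploitable rather than merely weak: once the per-run entropy is gone, the set of keys a host can ever generate is no bigger than the set of process ids, which is small enough to enumerate offline. The Valgrind warning itself was correct, but the change that silenced it removed the very input the pool depended on, which is why a pattern-matching tool cannot substitute for a reviewer who understands what the code is for.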