Security-focused FOSS does signed commits, signed reviews, full source bootstrapping, and reproducible builds.
Proprietary software solutions are unable to come close to that level of accountability.
Not all published source code is secure, but all secure software has published source code.