> I have to say, the principle that open-source software can't do anything nefarious because the source is open

No one is saying this. I think you have misunderstood the principles of open source. I'd rather be able to verify the code I am running than have it locked down and proprietary.

I have the possibility to audit FOSS. Can't do it for proprietary software.