How do you know your code is secure? The short answer is that you don't, and you can't.
Software engineering is really hard, and security software engineering even more so.
Part of what makes accusations like the kind made against BSD so insidious is that they are just about impossible to disprove. For anything but the most basic program, it's impossible to prove that it isn't doing anything you think it shouldn't be doing. And even if you trust the code completely, do you trust your compiler?
Or the people who wrote the compiler for your compiler? It's compilers all the way down.
Open source is neither necessary nor sufficient for secure code. In some ways it may make you more vulnerable, and in some ways it may make you less vulnerable.
But in the ways that tightly-controlled open source makes you safer, it is precisely this: it is hard for an outsider to put a backdoor into it without other people noticing. In fact, the OpenBSD crypto codebase is probably the most difficult place in the world to do it. If you suspect backdoor code here, you have to suspect backdoor code everywhere.
(Some projects are very loosely controlled, and rightly so, because they aren't that popular or aren't used in environments where security matters.)