From my point of view, open source is more secure. Here's my reasoning.. Bug fixing requires exposure, and the best exposure is to do source code reviews. Most commercial development is done with just enough code review to make the program usable. Open source has the possibility to be reviewed by many times more people. Especialy true for popular projects.

I also find the number of back-doors, and other intentional flaws in open source to be fewer. My observation only. Tho the source-tainting problem with serveral pieces of open source code have worried me lately. Sometimes it is found quickly, sometimes it takes a while. but atleast the problems are out in the open, and not hidden away by the PR department of some company.