This is one key point I haven't seen brought up yet. In open-source projects, the weaknesses and strengths are well-known and allows for well educated implementation decisions - less risk. With closed-source operations, the weaknesses of the software are known by less people which makes those weaknesses a bit stronger because of the "security by obscurity", but there lies the greatest weakness - the additional security is dependent on people. The people that implement it, develop it, maintain it. The people that are 1) not employed by government (likely a greater security risk) 2) building the software for money (possibly more willing to accept a bribe). Depending on the knowledge known by the person bribed, the exploit could extremely deadly and unpredictable the consequences - more risk.
Slashdot Mirror
This is one key point I haven't seen brought up yet. In open-source projects, the weaknesses and strengths are well-known and allows for well educated implementation decisions - less risk. With closed-source operations, the weaknesses of the software are known by less people which makes those weaknesses a bit stronger because of the "security by obscurity", but there lies the greatest weakness - the additional security is dependent on people. The people that implement it, develop it, maintain it. The people that are 1) not employed by government (likely a greater security risk) 2) building the software for money (possibly more willing to accept a bribe). Depending on the knowledge known by the person bribed, the exploit could extremely deadly and unpredictable the consequences - more risk.