Hacker News

OpenSSL, as you can guess, is also open source. Having BoringSSL open-sourced does not change anything.



Google hadn't been using OpenSSL for most of their services; in fact, they discovered Heartbleed when studying the possible transition to OpenSSL from NSS; they ended up transitioning directly to BoringSSL.

This doesn't detract from your point, since NSS is also open source; it's just a factoid.


Who knows that Google was using OpenSSL?


The security of a system should never rely on an attacker not knowing the details of the algorithm or implementation.

https://en.wikipedia.org/wiki/Security_through_obscurity


It is possible to fingerprint a TLS stack using its behaviour that a sysadmin can't change. People knew it was OpenSSL.



