Beyond the "email me" example, as an author of free source projects for the past several years, I can say that if the project is used and if users have access to the source, they will find and fix bugs; not all, but more than would have been otherwise.

On the flipside, if few use your project, bugs can last for ages. I've had this experience also: distributing projects with free source that don't work, and not finding out until much later when I noticed it myself.

Making source free is not bad for security, because it's not about high visibility. Security problems are more frequent when the vector of attack is larger, e.g. when your car can be stolen because they didn't anticipate misuse of the entertainment system that was accessible via the carrier.

Related to that topic, Chrysler has recently been paying hackers to try to find security flaws: https://www.wired.com/2016/07/chrysler-launches-detroits-fir...

If the source is free or open, then people can find flaws more easily, so that they can be fixed. You want to be able to find bugs fast and fix them quickly. When you don't, that's when you get into serious trouble.

As a warning, though, source being free and open and well-used doesn't mean that bugs can't go a very long time without being seen, after which point they are everywhere: https://en.wikipedia.org/wiki/Shellshock_(software_bug)


Anecdotally, I read through things occasionally. I once was curious about something in the xnu kernel and noticed a bug in the code, just from reading it. I sent Apple a bug report and eventually they fixed it (though I think it took a couple years).