The bad thing about open source is that anyone can contribute to it.
Unless you are personally reviewing and merging changes, there is a potential security risk.
I find it to be quite the opposite - Closed source software tends to have way more security holes than OSS. BY FAR. Closed source relies upon obfuscation and has significantly fewer programmers at their disposal. Open source and many eyes naturally result in more elegant code and far quicker discovery of exploitable code. I don't use ANY closed source programs anymore... that I can think of... Other than Windows on some boxes, and the antivirus applications it requires BECAUSE of its closed source mentality.
And 'merging changes'? Most programs nowadays handle their updates automatically - You may have to hang out on the application's forum for a while to see if there are problems, but other than that, it is much the same as closed source, with the only difference being that you, the end user, have the option of actually SEEING the changes, and can go right to the source code to do so. You don't get to see the crappy code hiding behind closed source - If that gives you some feeling of 'professionalism', let me assure you that is not the case.
Not exactly. While anyone can submit a contribution to an open source project, that does not mean that the submitted change will automatically be incorporated into the project. Submissions are reviewed for malicious code.
The bad thing about open source is that anyone can contribute to it.
Again, not exactly. Most larger open source projects only allow submissions from an approved list of volunteer coders. If Juan Dough programmer has a better idea about how to do something in the project, he can submit the changes to the appropriate volunteer coder, who reviews it and, if it looks good, then submits it to the larger project community, who review it and test it again.
At least that has been my experience on open source projects, but your mileage may vary.
That is a common critique but a baseless one in the case of the major open-source enterprise programs like Linux, Apache, etc. Those programs are rock-solid in security.