Providing anyone finds the fault. The industry stats have indicated for a while that all OS have faults that are not detected until something very bad happens. They are all software and there aren’t enough geeks in the world to be able to detect the possible backdoors and other faulty code and access schemes. Remember, the software security industry is not the most sophisticated or competent entities in finding and detecting these problems; governments, including the U.S. have the resources and facilities to be on the bleeding edge of computer espionage. The private companies can’t come close to matching these capabilities. No OS, no coding language, and no Browser is truly safe.
Not entirely true. We can prove that things are correct. As an example there is Ironsides, which is an implementation of a DNS server which is:
provably invulnerable to many of the problems that plague other servers. It achieves this property through the use of formal methods in its design, in particular the language Ada and the SPARK formal methods tool set. Code validated in this way is provably exception-free, contains no data flow errors, and terminates only in the ways that its programmers explicitly say that it can. These are very desirable properties from a computer security perspective.
If you have the source, it's a lot easier to analyze. But it's not really my point to defend. You effectively asserted open source is just is full of holes as closed source. How can you prove that? None of the other information you cite has anything to do with that, it's all hand-waving in fact. The assertion that private individuals and private or public companies can’t come close to matching the capability of governments is not falsifiable. Now I would prefer to assume government researchers as dreadfully capable assuming they are properly directed; it's always a good idea to look both ways before you cross the street too.