I think your argument could be summarized as follows
"Small, underused, badly-coded open source apps, written for their own amusement by amateurs and volunteers who overestimate their own abilities in the fundamentally difficult field of security will have more problems than large, widely-used, well-written, proprietary apps authored and audited by humble yet skilled full-time professionals for big business."
Unfortunately, you could reverse the positions of 'open source' and 'proprietary' and get an equally true assessment (in my opinion).
The fact that the word 'commercial' is used repeatedly as the antonym of 'open source', suggests you think that it is, at the very least, uncommon for that reversal to hold true. This a symptom of the wider problem that ensures the article misses the more interesting questions e.g.
If Sun open sources Solaris (as they claim they will) will it become more or less secure?
I'm guessing the answer would be "that used to be commercial [sic], therefore it doesn't count as open source". But I have the intuition that the combination of open source and commercial, professional development will be more effective than either alone.