@neil TBH Neil, I think that is an oversimplification, that a lot of people would like to be true.
Nothing in FLOSS says that trust should be a given. With freedom comes obligation.
Any of us who use FLOSS should be making our own judgement calls about the trustworthiness of it.
Yet, we essentially delegate this to distros, 'web of trust', etc. And crow about it when it goes wrong.
But, do enough of us contribute to address this...