We just take for granted that Open Source software is secure because people can review the source code. Unfortunately people very often don’t review the source code. This is how under-appreciated and under-funded maintainers end up being susceptible to bullying.