I think open-source is safe; it's generally accepted that there are more people out there trying to fix it than there are trying to break it. Open source projects tend to move a lot quicker than closed source projects do, simply because of the sheer number of people working on them!
You can buy Linux in a box, yet you are rarely actually buying Linux; you are buying a support contract from the software vendor. For instance, up until the recent release of Red Hat Enterprise Linux, previous versions (1-9) were available for download, without support, and available for purchase either from computer shops or direct from the vendor, with a support contract that meant 24-hour phone support.
I think this is a much better way of releasing software, since then people that feel the need for tech support pay for the support, and those confident/knowledgeable enough not to need tech support are not paying for a service they don't use.