Good, but... it sounds uncomfortably like the tired old argument techbros bring up again and again, along the lines of "You can't read every line of open source; you haven't done an audit of every single line of open source of every dependency and predicted every possible program state, therefore it's just as bad as closed source!"
To put it simply, security is not a boolean. Maybe you can't be sure that someone didn't sneak something malicious into open source somewhere, but you can sure as hell assume that someone did if the source isn't open. When you use binary distros, you're trusting that the distro compiled from the source they claim, but you're not trusting the original writer of the software with absolutely everything. And it's not illegal to reverse engineer open source software.
So yeah, you'll rely on others. You just won't be at the whims of some crummy scam artist nearly as totally as if you use SaaSS.