What people? Vetting how? The problem remains: If you don't read and understand all the code (which is basically impossible for most people), then you have to trust some source of information, which in turn is based on some other source etc.
In short: You can basically never know for sure if any complex product is completely secure. You can make guesses, and the more research you do, the closer you get to an answer. At some point, you have enough information to deem a solution "secure enough" for a specific use.
For regular users, it's mostly a question of belief.
In short: You can basically never know for sure if any complex product is completely secure. You can make guesses, and the more research you do, the closer you get to an answer. At some point, you have enough information to deem a solution "secure enough" for a specific use.
For regular users, it's mostly a question of belief.