Aside: I've been working through cryptopals over the weekend and I'm enjoying it immensely. Thanks!
I completely agree that both open- and closed-source crypto can fail in ways users do not detect.
The gist of the point I was attempting to make was that the incentives for open-source projects are often ideological, rather than monetary, which reduces the incentive for authors to incorporate weaknesses in exchange for money.
I think the incentive problems with commercial providers are misconstrued; the market --- at least to sophisticated buyers --- is unkind to people who sell their trustworthiness. So commercial providers in fact do have a lot to lose.
To the extent that open source has an edge over commercial software in motivation and ideology, it's cancelled out by the immaturity of the code itself. Cryptography is extraordinarily unforgiving.
I completely agree that both open- and closed-source crypto can fail in ways users do not detect.
The gist of the point I was attempting to make was that the incentives for open-source projects are often ideological, rather than monetary, which reduces the incentive for authors to incorporate weaknesses in exchange for money.