The "its only secure if its open source" argument only really works if you compile the source yourself - otherwise you
're just trusting that the binaries on the devices are in fact compiled from the source that is published, in which case you may as well trust anything they say.
