No kidding. Open source software is safe because it can come from a trusted source that can be checked by others. Not every open source project is checked but the default repos of Debian, for example, are checked and can be trusted.
All closed source software, on the other hand, is untrustworthy because it can never be checked. This goes for the iOS and Android ecosystems as well. Despite their walled gardens the software is not open and can not be checked, which is why malicious software keeps making it's way onto phones.
Have you ever heard of malicious code in the Debian repos?