And, for some damn reason, they seem to be chock full o' security craters, waiting for some 0-day to exploit!
The "some damn reason" is the one given in the quote: the products are a primary target for hackers. The most successful way to find something is to look for it, which brings me to...
An advantage of open source browsers is the potential for peer review and contributed patches.
I'll give you "contributed patches", but peer-review is only potential. The "million eyeballs" is a fallacy that has given project maintainers an unjustified sense of security in the past. Really there's only about a thousand or so eyeballs on anything, but more seriously, code is mostly screened only at entry to the codebase, rather than by systematic review of the whole source (a daunting task, that very few commercial vendors do; but unlike OSS, they can at least hire a hundred devs and force them to pick through the code).
Security vulnerabilities aren't like ordinary bugs - they don't disrupt the normal operation of a tool, so users are unlikely to spot them. You have to look for them to find them.