"basically operated by one volunteer in charge of a small team of volunteers"
Isn't that basically the story of Open Source?
For example, OpenBSD has the infamous Theo who lords it over his small team of trusted coders? Or Linus on Linux?
I always laugh when people say Open Source is more secure.
In the end, unless you speak fluent C++ (with a security specialisation to boot), you're still trusting "someone else" to deliver secure and reliable code. Or you're still trusting "someone else" to review the code for you in a timely manner.
Let's face it, most people don't speak fluent C++ (and even fewer know what to look for in terms of security) and so you just blindly install packages (or blindly compile source) and so in that respect it's really not much different to commercial software!