"except that there is no opportunity for outside people to look at the code and do security audits"
That's not true for commercial code as well. While it is true it is not "open" to everybody, it doesn't mean it is not available to skilled people doing reviews and audits under some form of NDA.
The quality of code is only proportional to the ones in charge of it. The pressure to release something new is more an issue for the quality of code that other ones, in my experience - and it is true commercial software may feel such pressure more than open source project - but once there is a commercial entity needing money (investments, etc.) behind an open source project, that pressure arise as well. Projects that can be developed at their own pace may be luckier.