Re: "but the availability of the source code means that anyone can."
With open source, it's also easier to:
a) apply your own patches
b) apply patches someone else published to get a fix in right away
c) get the patched version compiled and installed in your system before a package has been made available