Dual licensing is not pure open source and has very low risk footprint
"Seeing as how no one has proven that open source is viable it's a big risk"
That statement is far too fuzzy to be meaningful. In fact, the statement is simply incorrect.
There are many different business models built around open source. Some are high risk, some even have failed but many are very successful and do not carry any more risk than comparatively successful business models which do not involve open source.
Most people who claim that there is no business case for open source which has proven to be viable typically refer to the Red Hat style business model, which can be paraphrased as "give away the code, make money on support". Although it is understandable that this model is often perceived as a high risk model, it is by no means unproven. There are quite a number of companies which have been successful using this business model and which are profitable. If it wasn't viable, how could they be profitable?!
However, MySQL has never even been using this particular business model in the first place. MySQL is neither purely open source, nor purely proprietary. Instead, the MySQL model is a hybrid model. It uses dual licensing. For non-commercial uses, the software is licensed under an open source license (GPL in this case), whilst any commercial uses require the purchase of a proprietary license. For this reason, contributions to the code base by third parties are only accepted if those third parties assign their rights to MySQL AB (now part of SUN).
As a result, MySQL AB (and thus SUN) hold all rights in the software and they can do whatever they please. They can change the rules at any time at their discretion. They could even abandon the dual licensing scheme and continue with a purely proprietary business model if they so desire. In other words, first and foremost SUN purchased the rights to the MySQL code, they are not bound to keep licensing as it is.
With the Red Hat business model, the perceived risk is that somebody can fork the code and start their own support business competing with the originator. With the MySQL model this risk is virtually non existent because any commercial use requires a commercial license. It should be clear that for this reason alone, the two business models cannot be lumped together when making a statement such as "open source is unproven and high risk".
Furthermore, the dual licensing model has been used especially by hardware vendors with great success. Often, a hardware vendor releases a particular software under an open source license where the software will then in one form or another make the hardware they are selling more attractive. At the same time, the hardware vendor also licenses the software commercially to OEM partners.
A recent example of this is the Asterisk software, a telephony server software which is dual licensed by Digium. Whilst some features of this software can be used without any of Digium's telephony interface cards, it does drive sales of Digium hardware nevertheless. Digium are profitable and whilst their success depends on how competitive their hardware is, they have given themselves a competitive advantage over other vendors simply because the software is optimised to work best with their hardware, not necessarily with that of other vendors.
Before this background, there is a strong argument in favour of SUN Microsystems' purchase of MySQL. SUN could take the further development of MySQL into a direction where the software is optimised for SUN hardware to such a degree that it drives sales of SUN hardware. Alternatively, as a variant, SUN could develop and release MySQL booster hardware. In other words, SUN being first and foremost a hardware vendor has more opportunities to get benefits from the already very successful dual licensing model than a pure software+support company has. The availability of such opportunities further reduces the already low risk footprint of the dual licensing business model.
Taking all this into consideration, one can only conclude that the blanket statement "open source is unproven and high risk" is nothing but rubbish, especially in the context of SUN's purchase of MySQL AB.
Note: I am not actually a friend of dual licensing schemes because they do not usually protect third party contributors' rights, the very thing that led most independent open source developers to participate in open source projects in the first place. However, despite my disliking of this model, I cannot deny that the model has a very low risk footprint for those who use it.