This puff piece is nonsense.
Open source, theoretically, should be more provable as secure than not. Which is fine, if you have the time, resources etc. to actually audit such code.
Real users do not, they do not download and compile from source (Linux on the desktop is increasing, sure, but it's still a rounding error compared to the Win/OS X userbase, and even then most of the time they're not building from source either), they download a 'trusted binary'.
And of course then there is the argument about compilers - I seem to recall a fantastic piece about compromising compilers from Ken Thompson. It was written 30 years ago, but here's the thing... when the Mozilla folks build the binaries for Windows, what do they use? I see from their Windows build requirements page that they use Visual Studio and cygwin in concert (VS for the compilation, cygwin for the linking, presumably? Not clear.) But you're still relying on those tools to be uncompromised. That means trusting VS and cygwin (and possibly gcc) - and you can't audit VS.
http://c2.com/cgi/wiki?TheKenThompsonHack is mildly scary reading. Not totally scary, but mildly scary.