The bigger problem.
But the elephant in the room is "trust".
Open Source, if it is to be really successful (in ideology terms, rather than units shipped) will come from "the little guy", someone you've probably not heard of. The "bug guy" always has an agenda; he has to, he's answerable to shareholders and they want to see effort (investment) turned into profit.
The "little guy" often builds software because he needs it, his motivation is simple; "I need this, I can build it, if I share it then people will help me".
The problem is you don't know the little guy. There is always someone who wants to break this covenant for profit.
So "the bad guy" can take the little guy's effort, add something undesirable (malware), then make it available.
How does the end consumer tell? Is this written by "the little guy" or "the bad guy"?
I don't see a technical solution. Until this is properly addressed (if that's even possible) then paying "the big guy" seems preferable for consumers.
Which brings us into Apple's App Store. While some won't like it, it is probably the best thing consumers have. A store with a gatekeeper, checking products, rejecting products, distributing products. It isn't perfect, bad stuff can slip through, but Apple do seem to make this a rare event. Good for consumers, bad for open source. But now we've seen how much malware there is in Android Marketplace, and how damaging that can be, our choice is clear.
I for one, welcome our fruity overlords; the alternative is too dangerous.