This is an area where closed source has a natural weakness. In open source, the code is subject to a wide review process where vulnerabilities are found and closed.
At the very least, this allows a site to have some control over it's own security. It may not be possible in practice to check each and every line, but the open discussions on the net allow a site to make a choice based on the statements of their most trusted sources for information. Because the review process is open, a site can choose software based on known factors such as how vigorously it is reviewed, how many flaws a typical release has, and how quickly the holes are closed.
With proprietary code, you have only assurances from someone who wants you to use (and pay for) the software. The security review (if any) is not subject to evaluation.
For widely used software, open source will be reviewed by many more experts than any closed source. That can't absolutely guarantee that no flaws exist (especially truly novel attacks), but it can go a long way.
While blackhats can also take advantage of the source code, they are still limited by it's openness. With closed source, if an exploit is found, the blackhat can just keep it quiet while he perfects his exploit to do maximum damage. Having perfected the attack, he may then hold it in reserve until a time of his choosing.
With open source, the blackhat does not have that luxury. He knows that if he found it in the source, someone else will find the same thing at any time and close it up. His arsenal of exploits is subject to expiration at any time.
It is worth noting that in the open source world, a recent flaw in OpenSSH was NOT handled in the usual open manner. The result was that a number of sites BECAME vulnerable as a result of their attempts to update and close a vulnerability that it turns out they never had. The incident underlines the importance of openness and at the same time warns that open source is not in itself an assurance that the right things will happen.
The future isn't what it used to be