Every statement you just made is speculation and not backed up by any meaningful data. While it’s obviously “easier” to find bugs when you can view the source code, making it one or the other doesn’t bestow any magical protections on the software.
"Time and effort required" in order to find vulnerabilities is not a magical protection. It is a legitimate protection. Not one that should be relied on, but very much something that factors in. Open sourcing software doesn't immediately improve security, but it drastically lowers the barrier of entry for researchers to start looking into it.
