LOL. This report is actually an example of why open source is more secure. You have here multiple independent developers looking at the source and reporting bugs, and helping fix them. Would the same be possible with a ssl blob?
There's that, and if it's open source, used widely enough, and you screw up as badly as openSSL has, Theo will come and fork your project to fix all of it's brain damage.