Being open source doesn't mean immune to vulnerabilities. (and Purism's stuff will likely never be 100% open source due to regulatory complications with basebands)
Niche software often fares very poorly in terms of security because few people are trying to exploit it.
Niche software often fares very poorly in terms of security because few people are trying to exploit it.