A company isn’t one person either, and many have auditors which are made up of multiple individuals. I agree that, all else being equal, open source provides better assurance, but there are many, many factors involved in the overall security of a piece of software. Looking at it from only the view of source code availability to the public is insufficient. I’ve released open source software myself that I am sure nobody has audited in any way. You could stumble across it and run it thinking it’s safe because it’s open source and therefore it must have been reviewed by lots of other people, or at least one other person, but you’d be wrong.