Open-source is de facto closed source if you don't build your own stuff (and know how to debug it). That's the status most OSS users are in, I suspect. I run Linux but I've never compiled a kernel and I've never run a native debugger. It's nice that I could, but this is just a platitude.
But anyone this paranoid will obviously build from source? Most OSS users don't build from source because they don't care to look in their internet packets for viruses.
BTW, it is not that hard either. You can even have multiple Linux kernels installed at the same time. Same with Android ROMs, just checkout the code, build it and flash using ADB. It is about as difficult as dual booting Windows and Ubuntu.
