Large communities of open source developers are no panacea, look at shellshock or all the various OpenSSL libs. Those bugs stayed present for years in highly used software...

A large community of devs who are focused on security would indeed be good for a projects security, but that's not always their number one priority.