So, an open-source product which the developers have publicly declared as insecure, and on which a major code-audit has stalled inconclusively, is superior to closed-source _how_, exactly?

Not saying you're wrong, per se, just that it seems like all the choices are wrong, here.