Lots of malicious open source apps exist for that reason.
A lot are just such bad quality that they pose a risk by accident.
There are a couple of Very Large Projects like Bitcoin, that change relatively slowly and have a gazillion developers reading through them and publishing results.
The rest is pull-n-pray or fork-n-patch.