No, in general the code quality in large open source projects is just as good as in proprietary programs - for large projects, the majority of contributions come from professional software developers being paid to work on the project either by their employer or via grant funding, and those that aren’t still get their changes reviewed by professionals, same as everyone else.

Smaller projects tend to be a mixed bag - the internet has a “one guy who has been maintaining this absolutely critical piece of infrastructure unpaid on evenings and weekends for the past decade” problem, but even then open source has one major advantage - transparency.

If the code is open source, it’s relatively easy for anyone to look at the code and spot bugs - even if the first person to find a bug is a bad guy who keeps the bug secret, the odds are pretty good that someone else will also find the bug and tell the developers about it so they can fix it, and tell the programs’ uses about it so they know that they need to take action to protect themselves.

For proprietary programs, there is a much stronger incentive to keep bugs secret, both for bad guys (it’s harder to find bugs if you can’t look at the code, so the odds of your useful bug being publicized is lower) and for the developers (bugs are bad for business and cost us money, so we’ll sue you if you publish). Some larger players have “bug bounties” - if you find a bug and report it to us under embargo so we can fix it before you publish, we’ll pay you - because being perceived as having a secure, trustworthy product is worth the cost, but these are often more marketing tools than actual security features