I'm not sure I understand the claims being made. I'm curious if this is experiential / anecdotal or if widespread.

I think OSS is OSS always...being able to audit it makes it (reasonably) reliable, at least in the sense of security. I can look at the code, run checks, etc. That alone doesn't guarantee things can't crash and burn, but it's a great start compared to a closed-source solution, even if that solution stands on its promises, as reputation in software is an iffy prospect today.