Except that if everyone assumes that someone would have done the audit, it would also simply mean that no one has done it.

Just do some research on Reddit or Quora (or Google ofc): there’s always the same kind of formatted response.

This is a foolish - if not dangerous - way of thinking.

  • Dessalines@lemmy.ml
    2 years ago

    People have found vulnerabilities with Lemmy both via the source code and by just trying things. They report them, and they get fixed.

    Meanwhile, Microsoft Windows during the 90s was a privacy and security nightmare. M$ sued the people who published bugs on sites out of existence, exploits could find their way from Internet Explorer into the filesystem, malware was so pervasive that you couldn’t run Windows without an anti-virus suite. Identity theft, credit card theft, account-hijacking were rampant. Your system would slow down after running without an anti-virus for a few months. Older people had half their screen taken up on IE with ads and malware that could be installed at the click of a button, with no way to easily get rid of it.

    Transparency doesn’t mean that 100% of users need to do audits on the source code. It means that the 0.00001% who are good at it are able to in the first place, unlike with closed source software like Windows.

    Trust the transparency model: it works.

    • pingveno@lemmy.ml
      2 years ago

      > exploits could find their way from Internet Explorer into the filesystem

      If I recall correctly, the worst offender was ActiveX, which blurred the lines between web content and a native application. And of course once ActiveX was deprecated, businesses would keep their employees stuck on increasingly vulnerable browser versions.