yes and no: there are a couple of schools of thought!
of course, code by a lot of people without proper review is… risky
however, at least it’s able to be reviewed! and in time and with enough eyeballs, hopefully that code will become far more robust. that’s the benefit of transparency: anyone can review any line at any time!
remember: closed-source code as plenty of vulnerabilities too! just if we can’t review it, it’s much harder to work out what they might be… often, closed source vulnerabilities can exist for years without the vendor ever patching them because nobody is calling them out on it… hell, they can even know that their software is actively being exploited and just… not tell anyone