Suing people who expose security holes is definitely a problem, but it’s only tangentially related to the many eyes issue. I’d argue it’s more of a control issue; the vendors who are suing are trying to take too much control over their code to the detriment of their customers.
For that matter, most software–even open source software–is still consumed as binaries even where the source code is available. Having the source code doesn’t prevent someone from injecting back doors or malware into the binaries, and it doesn’t prevent sloppy code or administration (i.e., accounts with default passwords). For those who do install from source, how often do people actually audit the code before they use it?
Control is a much better argument for open source software. You can do what you want with it: modification, auditing, whatever.
