development

Some good observations

February 16, 2004 19:59:38.670

Patrick Logan makes some excellent observations about security, closed source, and open source, ending with this:

Open source that is poorly designed is not safe. Closed source that is poorly designed and then released in the open is even less safe.

That's an excellent point, and - in a nutshell - the problem that MS faces with Windows.

Comments

That Depends...

[Ryan Lowe] February 17, 2004 1:33:46.925

That depends on how you define "safe" and what your security risks are. Dana Epp expanded on open source not always being safe and I felt compelled to retort on my blog (http://www.ryanlowe.ca/blog/). Safety is about threats. If you have little to no threats or the consequences and/or risks are low then security is not much of an issue. Take the Java virtual machine sandbox for instance. If someone writes an open source Java program, even if it is poorly designed and coded it is still safe because the virtual machine is safe (or so says Sun and IBM, and I believe them). A program, even a poorly coded one, regardless of whether or not the source is open is at maximum only as unsafe as the worst exploit on the platform on which it runs. The difference between open and closed source is that in closed source we never know how badly flawed a design is after we see the first exploit (and exploits like to hang out together, especially in a flawed design). If a flawed design is exploited in open source software, chances are the design/code will get the spotlight and be examined and critiqued more closely. The developers can respond quicker, with greater numbers and from many different perspectives (i.e. security specifically) than with closed source.

Sandbox meets the third criteria

[Patrick Logan] February 17, 2004 10:33:02.629

"Take the Java virtual machine sandbox for instance. If someone writes an open source Java program, even if it is poorly designed and coded it is still safe" Exactly. This meets the third point of my original post... Writing operating systems that run every application with full user rights (or worse) is not safe. The sandbox restricts some of the full rights of the user, and provides just those rights actually needed to run the application. If something goes wrong, intentionally or not, the application still cannot perform any action the sandbox is explicitly disallowing.
