It doesn’t add a false sense of security at all. It forces the devs to put their name on the line with every pull request. They are publicly accountable for any and all code that is added to the product, in an open and transparent repository. If they try any shenanigans, and if anyone catches them, the developer, the project, and the community will all suffer.
It also gives the community a chance to fork the code and remove the problem. You can carefully rebuild with a new dev or new team.
Using open source software is a real sense of security, because it was built for you, not for money.