It's true that there is no difference in security between
* A closed source, perfect, crypto component
* An open source, perfect, crypto component
If it's perfectly secure, the privacy of the source code makes no technical difference.
private encryption can be much more secure than public
As above, if the security of your solution is perfect, privacy makes no difference - public can be much more secure than private.
The privacy of your solution DOES make a difference to other factors.
* Trust
People are more inclined to trust something they can inspect. If someone says "my security system is PERFECT... but you can't look at how it works", my first impluse is to think that they have something to hide. And that something could be a super cool proprietary technology, but it could just as easily be a gaping security hole a script kiddie could exploit. Given the fact that if you patent your super cool technology, the detail of it is public anyway, but I still can't steal it, the bias is that it's far more likely to be that your solution has problems, whether they be stupid mistakes, back doors for the NSA to exploit, or rude comments in the source code.
* Peer review
Good security is hard. Even if you're some kind of security savant, people think differently and someone may spot a gaping hole in your solution that you just have a blind spot to. Open, standard security technologies have multiple people poring over them looking for holes. There are people who get their kicks that way. Exposing your technology to as many of them as possible and letting them tell you what their opinion is, is the best way to evaluate your solution.
It's easy to come up with something YOU can't break. It's much harder to come up with something that no one can break. The difference between private and public is that you'll only get to find out AFTER something is depending on your solution not breaking.
Skype make a pretty big deal out of the security of their solution, but the truth is that leaked documents have made it very obvious that intelligence agencies can trivially intercept Skype communications - and we don't know whether this is because there are back doors, or because the security of the protocol is just crap, because we can't inspect the source code and there is no public documentation of the protocol. It's most likely there are back doors, because properly implemented crypto is not trivial to break. So this is a private system that many people trust, yet it's obviously not worthy of that trust.
So closed-source security solutions are not the best idea, for exactly the reason you propose that they ARE.. if you keep the source private, you keep the security holes private. It will just take longer for someone to exploit them, or it will be insiders that exploit them. If you open the source up, when holes get found... yes, some of them will be by bad actors. But some will be found by people with an interest in seeing them fixed.