TrueCrypt is exactly getting this treatment, crowd funding style.
After how many years? Truecrypt has been out for a decade, meets the definition of open source, and despite its relatively modest size is only now receiving audit to see if the source can be trusted and that the binaries everyone has been using were actually built from it.
As such I wouldn't hold much faith that just because Cyanogenmod is open that suddenly it's more secure than a proprietary product. It might be and open source is good for a raft of reasons, but I suspect anyone who wanted to throw an exploit could still bury it in plain sight if they wished. Cyanogenmod has a penchant for integrating bells and whistles so it might not even be somewhere obvious either.
At least this TextSecure protocol appears to be competently written though it does require some manual verification to prevent man in the middle attacks.