It is though in part an issue of reputation - nobody claims that IE6 + 7 and older were secure; even Microsoft accepts that they are insecure.
But OpenSSL gets/got an implicit guarantee of security from its OSS nature.
Everyone knew IE6 was awful at security. People just trusted that OpenSSL was OK because of the OSS argument.
"Many eyes make all bugs shallow" is true, but relies on there being many eyes looking our for all of the bugs (not just those in the most obvious of systems).