The fact that because we can't fire developers makes it an incentive to bad coding practices is not an argument:
for some people (esp. Linux developers where pride is an important fuel to their creativity), being pointed out in public by such bad behavior is much worse than being fired in the equivalent closed software company.
Moreover, you will never know how many developers in a closed model had turned a simple patch into a remote exploit and if the culprit was really fired afterward esp. if it's a core developer (the one that knows everything and that you can't fire).
I think I can remember at least one Windows bug few years ago that was very much like another that was closed but there are some many 0-day and remote exploits that is becomes difficult to keep track.