You can only spot an issue when you see the issue. Simply applying the tag of *Open Source will correct the problem* is garbage. Do you really think people will search through every single app available on any marketplace looking for security flaws?
Windows 7 Phone/Marketplace will actually scan applications before they go live, looking for patterns across the code. If they find that parts of the code are accessing secured data, then they are investigated by the Development team or some other level. Then it's up to that group to determine the risk.