Not only is it a myth, you can show with basic common sense WHY it's a myth.
You have something like 40 MILLION lines of code making up even the thinnest Linux distro, right? Now programs on average with FOSS have two to four releases a year, some like FF even higher.
Now for "many eyes" to be true, ALL of what I'm about to post HAS to be true or many eyes is false:
1. You have to have people with the education and experience in both code AND stenography AND obfuscation. For why you have to have that, look at the obfuscated C contest to see how, even when you know there is malware, how well it can be hidden.
2. Those people HAVE to look at not ONLY the code but ALSO all that it interacts with. For why you have to have that, look at payload malware, where by itself it is harmless but when mixed with a second program turns nasty.
3. And finally, they have to be willing to check not ONLY this one version but EVERY release for both the program AND the subsystems!
The "many eyes" myth works on the fallacy that states because something COULD be done it HAS been done. Well, there COULD be vampires in the world but I don't think I need to carry a stake, do you? If I wanted I could wallpaper this page with Linux malware links, but I think an even better answer is to show how you can write a Linux virus in 5 easy steps which will work on pretty much ANY distro. How? By exploiting the weakest link, like any virus... the user. And for those that think Linux users wouldn't fall for those? Look up the "KDE Look Bug" to see thousands of Linux users that got pwned by a screensaver and theme.