Of course, this is true only if you are actually capable of editing the source code to fix the bug in a way that you are confident will not harm the program (introducing new security flaws, crashes, data loss, rude emails to your mother, etc.) Some bugs are "I forgot to check that this wasn't 0". Some bugs are subtle conceptual flaws in application design. Some fixes are dangerous.
Is your system administrator really capable of patching the code for every critical application on the system? I don't mean this from a "most sysadmins are dumb" perspective or anything; just that most sysadmins probably do not understand the internal workings of every app they are running well enough to patch them right away, nor are they sufficiently wizardly to read over the source and understand it in an afternoon.
Also--does management really want to take the risk of having them try?
And "binaries are themselves fairly trivial to interpret" is a vast overstatement. There are some things that aren't all that hard to spot in binaries, but there are plenty of things that are pretty damn hard. It's certainly going to be appreciably harder than reading source code.
And of course there are more counterarguments. Sure, having more eyes is nice---but how many people really read the source? Joe OSS user just downloads prebuilt binaries from the internet (or maybe he runs Gentoo, but he still doesn't have to _read_ the source). You still have some advantage, yes, but how much? I honestly don't know if there are any well-researched numbers on how many people seriously look over OSS code they haven't developed, but I suspect it's a lot smaller than the userbase. And you _have_ made it easier for potential attackers to find exploits...so which of those outweighs the other?
I'm by no means claiming that OSS is less secure than closed software (personally I think that the competence of the people designing and administrating the software is far more important the open/closed issue), but I think it's silly to say that OSS is "fundamentally more secure" based on simplistic reasoning like what you mention. There are intuitively appealing arguments on _both_ sides, and it's really a matter for empirical evidence.
COMPASS [for the CDC-6000 series] is the sort of assembler one expects from a corporation whose president codes in octal. -- J.N. Gray