The point about closed source software is that we just don't know what happens behind the closed doors. We have no idea how many times vulnerabilities and bugs have been discovered and quietly fixed without the world knowing, nor do we know how long it took to discover and fix them. The commercial companies aren't going to tell us, for fear of being sued for consequent damages. And we can be sure that there are bugs still lurking which haven't yet been discovered.
By contrast, open source issues happen in the open. There are no secrets. When bugs are discovered, the world knows in a flash, and the issues get fixed very quickly. Open source works by an informal process of peer review, which may seem haphazard, but is far more satisfactory than the reliance on goodwill and good practice in commercial companies.
The seriousness of the Heartbleed issue is of course in the fact that it took so long to be discovered. But that, together with the fact that there are no publicly known instances of its ever being exploited, means that it must be quite obscure. There are lots more obscure bugs out there, in both open source and closed source software. It's an imperfect world.