
Realistically, there is so much code in a Linux system that it takes a lifetime to review it all yourself. So, you end up putting your trust in the code reviews of random people on the internet. Is that better than putting your trust in BigCorp? I used to think so, but I'm not so sure anymore because I don't see substantiation of the claim that open source is more secure. I see similar volumes of security issues in open source and closed source, and I don't see that ratio changing over time, which is what the many eyeballs theory would suggest.

Sure, the many eyeballs theory is appealing, but it seems more aspirational than actual.



A government institution does have the resources to review every single application they use, should they want to.

You're also missing that often BigCorp gets more involved in open source than random individuals. Microsoft, for example, is said to be the fifth largest contributor to Linux 3.0; speaking of which, Red Hat, IBM and Google are regulars, and now Samsung too.

Fun fact, did you know that SELinux, one of the most advanced modules for access control, was originally developed by the NSA? Yup, a little ironic, but we can use it because it is open-source and because it has been reviewed.



