Actually, none of those methods can be proven to be completely safe. All it takes is one bad apple at a company, or one rogue programmer for Linux to cause a whole bunch of hurt. Point is, nothing is really and truly safe. It's up to you and me, the end users, to watch what we do and how we do it.
However, to Joe Schmuck on the street, he'd take the comfortable, big corporation reputation over the open sourced OS and programs. Why? So he'd have someone else to blame and call when things didn't work right. People are lazy, and they want it to just work with no help from them whatsoever. Linux is getting much better at that, but it still isn't there.
Take an article I just read as an example. Someone distributed a Windows 7 RC install over torrents that had botnet code embedded in the OS. Now there's a 27,000 unit strong botnet on the loose. One bad apple, people's laziness, and that's what you get. Same thing could be done with Linux, for sure, but it's not popular enough to warrant the attention.
That is true. It's all in the hands of the distributor. Actually, that's an interesting thought. Wouldn't it be great to create a system where software is accepted by a series of people, and provided mathematical proof that each of these people okayed the changes? That would be a safer way to distribute software. You never know what kind of stuff the distributor (or packager) might wish to slip in.
What if the md5sum of each file, after being compiled with that specific version of code, was listed, and after comparing the hashes, people report that the binaries are safe? (You'd have to compile it under the same conditions if you were to check the md5sums, of course.)
Nothing including Linux is completely safe and that can be proven.
Although extremely rare, viruses for Linux do exist.
I didn't say free from viruses. Security vulnerabilities will always exist in any non-trivial application.
My point is that only free software can be observed for blatantly malicious code.