In additional to the other comment, I think there’s also a traditional fear of corruption in open source. If the code is public then malicious parties are free to read and take advantage of holes in the security. Secondly it would be possible to contribute code with secret functionality that goes unnoticed. These are fairly easily debunked but seem to remain in people’s heads.
Reminds me of the UK’s Government Digital Services, who want to digitise government processes but also have a responsibility to keep that service as accessible and streamlined as possible, so that even a homeless person using a £10 phone on a 2G data service still has an acceptable experience.
An example. Here they painstakingly remove JQuery (most modern frameworks are way too big) from the site and shave 32Kb off the site size.