Honestly, Microsoft is one of the most active participants in the shitty fascist dystopian surveillance shitshow in the us right now. It's not that it "might not be better", they are literally one of the worst.

Open source doesn't work on trust, it works on scrutiny. Which is much easier to do when everything is open and therefore auditable. The threat model is very different, and the mitigation process is much faster since thousands of companies, including the biggest ones, need a secure Linux to run all their servers.

Open source software security issues comme mainly from :

• plain old bugs like everything else
• supply chain attacks (Example), which are actually very difficult to pull off since they tend to actually fail because of said scrutiny

What open source software won't do because doing so would immediately kill a project:

• deliberate backdoors "for law enforcement" like most commercial platforms
• invasive telemetry/spyware
• Microsoft Recall that literally records and stores indefinitely absolutely every single interaction you have with your computer
• basically everything that's deliberately harmful to privacy and/or security
• enshittification to maximize profit since there is basically no financial incentive and no venture capitalist behind distros