Open source doesn't fix the security bugs. It makes them available for inspection, but people aren't reading other people's code unless they have a specific issue they want to solve. I got into RISCV a bit just before I got into nostr, because it is open and license free and also not purely for educational purposes, and China was starting to plow into it for embeded stuff. I think it's great to have open hardware, but at least for RISCV it doesn't have the high-power performance that you need for a desktop.