As the first post says, the problem is really with developer workflows, which are all about "productivity," how quickly you can "get started," rarely about security.
If you want to write a successful OSS project, make it dead-easy to get started. I'm in a rush! No time to vet! My boss isn't paying me to audit OSS projects, he's paying me to use them.