It's not uncommon for folks to note that if the source code is available, it's easier for the hackers to figure out what's going on. Those of us in the open source security universe have long claimed that's not true, but it's really hard to back up such a claim. It's a bit like proving the nonexistence of something.
I ran across a blog entry where someone shows how one goes about analyzing a flaw fixed in Windows to know what was fixed, and to construct an reproducer. CVE-2014-0301 Analysis
This is really well written, and I'm quite happy to admit I learned a fair bit from it.
Remember, the only way to have good security is to have good security. There are no magic tricks.