RE: Steemit Open Source! - Rewarding Discoveries of Vulnerabilities and Responsible Disclosure

in #steem, 8 years ago

I think going open-source is important in spite of the risks. Most people will do the right thing and report bugs. Being closed-source does not protect against people finding bugs and in some ways makes it more likely that they will be exploited if they are found. Look at some of the biggest bugs in software such as Windows - they have pretty much all been exploited for a long time before being fixed. Having the eyes of the whole community on a project is way more beneficial than just a select few who work on developing it.

I do think there should be a bug bounty program though. It would benefit us all and incentivise those who are tempted to exploit bugs to do the right thing.
Alternatively, perhaps the team could do a post featuring those people who have found bugs, say, every month - the money raised by these posts could then be divided and distributed amongst the bug finders.