
Weblog:   Is Open Source Secure?
Subject:   good article
Date:   2004-02-14 15:18:10
From:   nrlz
This is a good article about open source. Except I have a few bones to pick.


Too often people assume that secrecy equals security. Nothing could be further from the truth.


The latter part of the sentence is really an overstatement. Secrecy does play a part in security. Maybe not a lot, but it does, and it varies.


Starting from worst-case assumptions is just plain common sense. Any other security plan is simply madness.


That depends on how much security you want. Oftentimes we don't need 100% security; maybe just 80% security is enough, so it is not necessary to start from the worst-case scenario.


Open Source appears to have a better track record at prompt and effective correction. Open Source projects respond with security fixes within days to weeks. Microsoft has taken six months to respond to a major security hole in Windows, and has a number of known but unresolved security issues with Windows.


You are taking the general case of things. (And not taking the worst-case scenario as you mentioned.) Only Microsoft has such a track record of responding. Many other closed source companies which are serious about software respond just as well as, and sometimes better than, their open source alternatives.