I'll cede your point on university systems. You have more experience in that realm than I do.
Well, open source software is not intended to be super-secure. It's meant to give people a free, self-maintained option which is great for, say, a small business. Somehow that doesn't translate to a company that should have security standards far higher than your average Silicon Valley startup, or higher even than a chain retailer like Target or Home Depot. So I'd always assumed that banks, for example, have tightly managed closed systems.
The development methodology of the software doesn't necessarily have anything to do with how secure it is. It all depends on the priorities of the developers. I would submit that unless the user of the software can see and examine the code themselves, then it is less secure than any other option, because they don't even really know what it's doing.
Open source gives you that from the start. It may be that the code for secretly-developed software could be examined by a customer if they were big enough and paid enough money.
Regardless, a "tightly managed" system will be fine, but that has nothing to do with whether or not the code is open. You can have a well-managed open-source based setup, or a poorly-managed closed-source setup, or vice-versa.
Any security advantage of being closed-source per se is simply security-through-obscurity, which has long been recognized to not work. The holes will be found. And when they are, you're at the mercy of the vendor to fix them; nobody else can.