Well, in terms of package and code validation, there are definitely strong arguments to be made for source-based distribution models and FOSS-backed fuzzing operations. Although freely available source isn't perfect for combating government intrusions, it still is the gold standard since it's impossible to implement fully-featured, unobfuscated backdoors. Despite the fact that things like Heartbleed are damaging, keep in mind that they're only bugs rather than deliberate backdoors.
The answer to imperfect software freedom isn't no software freedom.