This idea is one of the most persistent about FOSS. It only shows the power of rumor, because FOSS operating systems have had usable graphical desktops for well over a decade. Until the last few years, they weren't as advanced as Windows or OS X desktops, but they were adequate. Now, FOSS operating systems give you the choice of working with the command line, several types of lightweight graphical interfaces, or full-featured desktops.
Admittedly, for some advanced administration work, the command line still has the most advanced tools. But that is also true in Windows, as anyone who has used ipconfig to trouble-shoot an Internet connection can testify.
FOSS developers have inherited the Unix preference for small programs of limited functionality. And it is true that several large FOSS projects, such as OpenOffice.org and Java, were developed privately and later had the code released.
All the same, FOSS has no shortage of large-scale projects, ranging from the GIMP, a PhotoShop equivalent to Scribus, a desktop publishing program, and Inkscape, a vector graphics program. Desktops like Xfce are even larger projects, while GNU/Linux distributions like Ubuntu are larger yet, involving thousands of applications. Such examples make clear that FOSS is perfectly capable of scaling as necessary.
This misconception is perhaps a sub-set of the idea that FOSS can't develop large pieces of software. It gains added credibility because, for a long time, games were a low priority; FOSS developers were too busy with basic functionality and productivity to pay much attention to large-scale games. For a long time, FOSS games were confined to card games and simple strategy games, many of them based on arcade games.
Now, FOSS continues to be weak in 3-D games, partly, no doubt, because of its lack of free 3-D video drivers. However, a few large games like Battle of Wesnoth are now available, and most online games have GNU/Linux clients as a matter of course.
For those new to security, the idea that the best way to keep something safe is to hide it. This idea is known by experts as security through obscurity, and is generally discredited.
Probably the greatest reason that security through obscurity doesn't work when it comes to code is that, if security is breached, you have no way of knowing what has happened. By contrast, if the code is open to anyone to read, then the odds are that the insecure elements will be detected and corrected. Since what you want to protect is the information, not the technique used to protect it, according to most security experts, FOSS tends to be more secure than proprietary software.
Of course, because bug detection is public, detractors can say that FOSS is buggier than proprietary software. However, because we have no way of knowing how many bugs in proprietary software go unfixed or unnoticed, the number of reported bugs is not a reliable measure of security.