I would imagine that when you are privy to secrets that become increasingly valuable, you also draw some heat on yourself.

What are your thoughts?

  • sudoer777@lemmy.ml · 2 days ago (edited) · 4 up / 1 down

    Let’s say the only difference between two sets of programs/developers/realities is that one program is open source and the other is not. Scenarios:

    • Some sort of attacker is determined to get the source code through any means necessary. If the program is already open source, the developer will not be targeted because of this. If not, then the attacker might target the developer in ways to get it leaked.
    • Some sort of attacker wants to hijack the program to execute some other attack. In either case they will need to manipulate the developer somehow, but if the program is open source the attack would need to be hidden in plain sight, whereas for closed source that isn’t necessary, so the attack surface within the codebase is much bigger. But depending on the project structure, it would also be a lot harder to social engineer someone into accepting malicious code changes if they don’t have access to the code to begin with. At the same time, if the users think the program’s developer is compromised for some reason, they can typically hard fork core parts of the project if it is open source, which limits attack vectors further.
    • The developer needs to hide something that, if people found out, would make attacks far more likely (i.e. something illegal). In this case closed source might help them hide it better (but the compiled output might also need to be obscured somehow).

    If the only difference is strictly whether it’s open source or not (i.e. no outside contributors), I would say open source developers are safer unless something about the source code that’s not in the binary would provoke someone powerful.