With private software, the user is placing their trust in a single company not to include malicious code. Why does this make open source safer?
Because the fact that anyone can contribute to it does not mean that everyone's contributions will be accepted. The decision remains with the project's author and its maintainers. They have the power to reject or accept the contributions depending on whether the contributions satisfy certain criteria.
Of course, this is not a deal breaker. The ones who disagree with the decisions made by the maintainers of the software are more than welcome to create a clone of the app and continue its development in their own way. Then, the users are able to select the team that they trust the most and use their app.
Besides them, companies are usually not just using open source software. They're usually contributing to its development as well. And, to contribute to the project, they have to get familiar with its code base, and therefore make sure that there are no backdoors or certain security problems with it.