A human name is not required for legal accountability.
A human name is required in order to be legally employed.
None of this applies to open source in many (if not most) cases --- the subject one being an example.
Yes, installing any software of "unknown origin" is a gaping security hole --- whether FOSS or not.
The fact that some people do dumb stuff does not negate the fact that a lot (if not most) FOSS fits in this category. Anonymous maintainers and contributors are pretty normal operating procedure, which equates to zero accountability.
The common retort is, "Well, the source is available for review". But as this example shows, this is a very weak indicator of security or safety. A review is often not done before (or even after) distribution --- and certainly not with a malicious actor in charge.
> Anonymity is the unique aspect of open source that opens the door for malicious activity without consequences.
If you'd like to amend to something like
> Anonymity, which is in play for most FOSS and a decent chunk of proprietary software, opens the door for malicious activity without consequences.
Then I wouldn't strongly disagree. I'm still a little skeptical, because people keep finding backdoors in non-FOSS software/firmware, of course, but it'd at least be a defensible claim. I'm only really objecting to the notion that this is unique to FOSS.
Just like there's basically no reputational harm anymore for leaking all your users' details for most leaks.