I think it can be summarized in this way:
Yes, it can happen with an open-source operating system on your phone just as it can with closed-source. Neither inherently provides you with more or less security, as such, but in the current ecosystem, open-source tend to be more secure because there's a more immediate response to exploits and bugs. This doesn't mean open-source always respond immediately because that's at the whim of the maintainers, but that it has a tendency to do so because those with a need and interest in security will often participate in reviewing and patching and releasing secure code, whereas closed-source software prevents an effective means of having a public and massive effort of reviewing and participating.

In short:
If I care about malware and trojans, first and foremost I should protect myself regardless of which type of operating system I'm running, THEN I'd prefer open-source because OTHER like-minded individuals are protecting themselves as well and I can benefit from that.