First, it's important to understand that Bitcoin is fundamentally a protocol, not a piece of software. Bitcoin Core is merely the most widely used implementation of that protocol.

Second, would you apply the same line of reasoning to other popular open-source projects, such as Linux or PostgreSQL? Do you believe that those projects are equally insecure?

Thank you for clarifying that Bitcoin is fundamentally a protocol. However, if the network has de facto settled on a certain implementation, then what does that say?

Linux and PostgreSQL et al would exhibit characteristics of whatever their respective gatekeepers let in.

Btw, I'm not making a definitive statement about Bitcoin's insecurity per se. I'm rather via process of invalidation querying how the ubiquitous claim, that it is an unhackable, secure (basically untouchable) money alternative to fiat, actually holds.

It has held for the past 15 years. You are also free to inspect the source code of Bitcoin Core and/or study the protocol for flaws.

It's basically a group of devs calling the shots. Like any open source project code audits could well be an afterthought with post-incident remediation. Also the average Bitcoin user isn't going to download the source code and inspect it. They just trust that these devs are and always will act in their best interests.

This reminds me of an incident at the beginning of the Ukraine situation when the owner of a heavily used library used in many prominent upstream projects decided one day that his ideological position was so strong that he would initiate a supply chain attack in his code targeting Russian users by IP or something. There was nothing to stop this. That's the nature of open source software.

It's neither trustless nor regulated.

You just need one honest pair of eyes watching the code to sound the alarm. Even if the Bitcoin core developers conspired to sneak in malware, it might affect a few users but would be quickly detected and wouldn't impact the Bitcoin network/protocol itself.