Nice writeup.
But,
If a project is open-sourced, it doesn't mean it is fast or scalable. Also, I don't understand what flexible here means.
Ex: Express.js is an open-source project, it doesn't mean it's fast, there are libraries like Fastify which is faster than Express.
Also, you are wrong about the security thing too, there are literally thousands of open source projects with so many vulnerabilities.
Most of the time there is more support for open-sourced projects than paid frameworks because there could be a huge community behind one.
Open source is nothing about being fast or flexible or scalable. It is about community.
Good luck.