A lot of dubious claims here.

1. "Most open source repositories do have eyes on the code"

Seems basically impossible that this is true.

"Debian often has separate maintainers who maintain patches specific to Debian." does not support the previous statement. Debian cherry picks patches, yes.

2. "It's not a coincidence that Linux distros are much less susceptible to malware in their official repositories."

Not only is it not a coincidence, it seems to not even be true.

3. "The play store will always have significant amounts of malware, so this entire conversation is moot."

This seems to just be "a problem can not be totally solved, therefor making progress on this problem is pointless to attempt". I... just reject this?