Joined 1Y ago
Cake day: Jul 01, 2023

  1. Chromium has tons of eyes on it, because it’s the codebase for many other projects, such as Electron and any Chromium-based browser.

  2. Web integrity wasn’t discovered through the Chromium source code, but it was openly proposed by Google on a separate GitHub repo, dedicated solely to that proposal.

  3. There are many shortcuts in your thinking that just the code being open makes it trustworthy. Every PowerShell malware technically has its code open, because it’s a script. But you wouldn’t open a random script from the internet, without checking what it does, yet you don’t apply the same logic to Brave. If you don’t check the source code yourself, you either need to trust an author, or third parties that “checked” the code.

  4. In addition to that, you’re probably using a compiled binary, which means at this point you can throw that source code out of the window, because at this point you can’t be sure compiled binary == source code.

  5. Due to the enormous amount of code, it’s really easy to obfuscate malicious behavior. At the scale of a browser, it’s more efficient to track the outbound packets that the program sends than to examine the source code.


Brave behaving like a Win XP-era browser with a gazillion toolbars installed, with a pinch of crypto and crypto-promoting ads, should be a giant red flag.

FOSS =/= trusted by default. Why are there so many FOSS evangelists, but such a damn tiny part of them are programmers, let alone programmers able to examine the source code behind such a giant codebase as a web browser?

I use Vivaldi; at least their business model is clear, and the developer is kind of trusted, and not a crypto scammer and homophobe.


Holy crap. What are you going to do with these 2 seconds saved?