A month ago, Zoom didn't have the security issues that Zoom has, either.

Or rather, of course, it did - they just weren't known/public. I'm certainly not going to say I put a particularly high level of trust in Zoom - they have shown from previous actions that in many places security certainly wasn't one of their main design concerns - but I don't believe it's fundamentally insecure, in the same way that I don't think anyone could say that Jitsi doesn't have it's own (unknown) security issues. Yes, the fact it's open source helps, but that's not a panacea for "no bugs".

eg, zoom has been hit with people "zoom-bombing" meetings by guessing/brute-forcing meeting numbers. Jitsi don't use meeting numbers - it allows you to enter a meeting name. Do you trust your staff (all of them, not just some of them!) to not start a meeting called "SalesMeeting", which is infinitely more guessable than meeting number 2895422281?

Which perhaps works as long as your meetings are 100% internal, and your staff all use VPN, and your IT staff as on top of things to update the software when bugs are found. Maybe for you that's true. For most people, it won't be. Of course, you can still use it if it's not 100% internal/VPN, but now you're just running another service open to the internet, and that negates some (but not all) of the benefits of running it yourself...

Zoom fixed the UNC path bug within a few days of it being found. The fact it existed is bad, but the value of a cloud service is that it's now fixed for everyone (OK, so in this case it's a client bug, so you're still relying on users to actually update the client - but at least the cloud service is pushing out the new client)