Mostly no and mostly no.

If you download an executable from the web, you have to trust the source.

If you buy boxed software, you have to trust the source, too, of course. But it's considerably harder to make a store sell a faked package.

If someone intentionally writes malicious software, they can be sued. In the web, the hard part is tracking down the author; that's easier with boxed software, obviously.
Also, software that you buy usually comes with at least partial liability. If the software is so buggy that it destroys your data or lets attackers in, you can try to sue the vendor, too. The outcome of the battle will depend on local law, but in general you'll have to prove that the vendor was criminally neglectful in releasing the software in that state.

In such a legal battle, the vendor may have to open the source to the court. But everyone who actually gets to see it is also bound by non-disclosure agreements.

OK, but there are special cases, of course. For example, some companies offer to show you the source in exchange for an additional fee, so you can do your own security audit. Other companies have policies for software that works together with their own. Windows driver licensing is one example: in order to get your driver signed (and thus usable under Vista), it has to pass a certification process from Microsoft, and that means you have to give MS access to your source.

Edit: four replies while I was writing this. Must be a record.