No, the saying does not hold. Microsoft didn't buy "many eyes"; they bought a relatively small number of very specialized eyes. At any one time in the mid-2000s, something like 4-5 security firms did $1MM or more in a year at Microsoft, and those firms each had between 15-40 people working at them --- and no firm did 100% of its business at MSFT.
What happened at Microsoft may not disprove this folk wisdom about defect detection, but it's evidence against it, not for it.
That's not really how secure coding works at Microsoft though. There aren't more eyes on the code, just more developer training and more processes in place. (At least that was my experience working there from 2006 to 2009.)
We also have mandatory security training for all developers. Turning every developer into a security reviewer helps a lot.
It's nothing compared to the knowledge I got by working in app sec or teaching network security, but it's pretty good for increasing the base of knowledge among general developers.
And that is an interesting point; and it is specifically the point the G*P was making, which was obscured by saying, "Oh, but there are still multiple eyes here."
The saying holds. Billions of dollars buys many eyes.