2. Ignorance of the law is no excuse and statistically you break the law multiple times a day.
And your right even with Open Source code introducing "bad code" isn't a particular difficult task, and finding that "bad code" can be extremely difficult. That's why lightweight, easy to maintain and audit alternatives are better than there overly complex and extremely large version's. If your having difficultly finding a needle in a haystack the only logical solution is to make the haystack pile smaller.
If your referring to "OpenBSD" that backdoor still hasn't been found, if there is or was one in the first place.