There is some explanation here: https://en.wikipedia.org/wiki/NOBUS

With the P-256 curve debacle, the suspected weakness was in the algorithm, the suspected problem was in the algorithm, it was not a problem in the source code itself, the source code is just dutifully implementing the algorithm and whatever flaws it has. I dont know the particulars about this one, but this has been discussed on many blogs about the sometimes opaque qualities of some of the more dodgy encryption algorithms, where there are certain constants worked into it that you cannot verify the source of, there is also possibilities of strategic weaknesses in the algorithms, such as the P-256 that were used on some curves . A good algorithm is independantly verifiable backwards and forwards to be universally strong with no weaknesses and where there are no opaque constants or structure that cannot be determined what its purpose and source was.

Edit: Bruce Schneir and Daniel Bernstein have both on their pages discussed the issue of P-256 debacle and EC-DRBG which has been a concern before. Bernstein developed Curve25519 to address the concerns.

Mathematical back door.

That is, they know how to break it in a reasonable time, even though currently no attack methods are publicly known.

How could that code include backdoors if it's Open Source - is nobody able to read and understand it?