That why #e2ee, #opensource, #reproduciblebuilds, #community. No point forcing malicious activity if it can be discovered, devs don't need a special status and trust on intermediate components is minimized or ideally reduced to zero.

This is where nostr shines bright. Good luck taking down anon nostr users pushing and collaborating on code over nostr, through e.g. a relay exposed as an onion service, funded by freedom money aka bitcoin.