I think you can verify the whole supply. So if someone by any chance found a way to inflate the supply, it would be announced. But you could not tell which address did it. Also, Fluffypony mentioned the source code responsible for a double spend is pretty tiny, so chances are pretty low.