"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."