My personal opinion, after researching it quite thoroughly, is that the NSA had zero input into the parameters used to create the specific elliptical curve (secp256k1) used by the Bitcoin protocol. 

This does not address possible weaknesses in the mathematics of elliptical curve cryptography in general. 

This does not address possible entropy issues in the random private key generation, and just as importantly the random nonce generation, of any particular implementation.

This does not address possible weaknesses in the other cryptographic subsystems used in the Bitcoin protocol, specifically the hashing algorithms.  Although I have looked into it and am personally fairly convinced that the hashing algorithms used are safe for our purposes.