I know how OS works. I also know how it possible to make very subtle changes to crypto code (For example, compromising a random number generator before a whitening stage to hide the result. This is how Racal Milgo, Crypto AG and Cylink compromised their commercial encryptors under orders of NSA in the mid-1990s). My concern is not a hacker making unwarranted or hidden changes but one of the 'trusted' BTC developers.
Every change is hashed with a sha1 hash, building upon the last sha1-signed change. It's easy to see whatever a dev makes a change, whether it's a hacker or a "trusted" BTC developer. This is not a large concern.