The long and the short of it is that it is not unheard of, or particularly difficult, for an obfuscated back door to be slipped into open-source code. But hey - this is a risk in Bitcoin and Monero and other cryptocurrencies, so Dash is fine, right??? Well...for currencies besides Dash the risk is somewhat reduced by the fact that the effects of such a backdoor can immediately be observed, whereas with Dash the "spork" model means that an exploit can be hidden away and only activated at a later stage, or the network can be remotely forked by anyone who holds the spork key.