We can't put aside open source (decentralized) exchanges just because of a possibility of them not being reviewed by experts at first. The alternative is closed source centralized exchanges that are getting hacked every day!
The problem is that not even reviewing them guarantees you secure software.
It is way easier to build the software from scratch with security in mind, than to adapt a different one and review/fix it.
The fact that even closed source exchanges are getting hacked (which have professional security audits and code being written with security in mind - at least talking about the big ones), is an additional argument AGAINST using software which did not have any audits at all and without having a highly professional security-orientated development team working on it.
Don't get me wrong. I fully support open-source. I use it wherever possible.
But if I were running such a business, I'd rather pay a lot of money for proper (and secure) software, instead of trying to save in this place.
Now that is a different discussion. There is a difference between having a bug (which is normal, and literally any code that has ever been written has them) and [intentional] backdoors put in the code with malicious intent.
How do you define backdoor?
If your only definition is a true 'backdoor' (i.e. malicious person can gain access from outside), then yes. This could be found.
However, a maliciously intended vulnerability (maybe even in the design of the software, which isn't recognizable at first sight) won't be found in some 'standard security-orientated review'.
IMO the risk is way too high.