Board: Exchanges
Topic: Re: Exchange Development
by pooya87 on 24/07/2019, 04:08:28 UTC
Quote
The problem is that not even reviewing them guarantees you to have a secure software.
It is way easier to build the software from scratch with security in mind, than to adapt a different one and review/fix it.

The fact that even closed source exchanges are getting hacked (which have professional security audits and code being written with security in mind - at least talking about the big ones), is an additional argument AGAINST using software which did not have any audits at all and without having a highly professional security-orientated development team working on it.
The exchange hack cases that I know of have never been because of a security flaw in their systems. It was always because of human mistakes, for example inside jobs, an incompetent employee, not securing the hot wallet properly, ... and they all had highly professional developers working on their software, or at least they claimed to.

Quote
Don't get me wrong. I fully support open-source. I use it wherever possible.
But if I would be running such a business, I'd rather pay a lot of money for a proper (and secure) software, instead of trying to save at this place.
I get your point, and for something that is supposed to handle this much money it is mandatory for the software to be audited by security professionals, but I still prefer open source software because the closed source one is audited by one person/team while the open source one can be audited by thousands, and they usually are (the popular ones anyways).

Quote
How do you define backdoor ?
If your only definition is a true 'backdoor' (i.e. malicious person can gain access from outside), then yes. This could be found.
Actually, I define backdoor as a vulnerability that was put there by the developer himself with malicious intent. If it wasn't intentional, I call it a bug.