A malicious manufacturer can distribute firmware that, instead of using truly random seeds, chooses seeds from a very small set.
This would be visible in the firmware source.
This attack can be performed by the manufacturers, or by any individual or gang who can get hold of 3 of the 5 firmware signing keys. Or by someone who can plant the weakness in the firmware before it gets signed. Or by anyone who can replace the Trezor by a counterfeit one during shipment to the client. Or any shop that sells Trezors to walk-in clients.
With deterministic build, everybody can check the firmware. That does not mean that everybody HAS to. If 3 of 5 decided to sign something malicious, then the rest of the guys would be whistle-blowing and everybody would know. And even if all of them signed it, then anybody verifying the firmware would have to have this weakness implanted in his code as well to see the same fingerprint of the deterministic build. Such a weakness thus needs to be in the open source code, thus visible to anybody. Not everybody has to check it. If just one person checks it and reports it, then everybody will know.
If your Trezor is replaced in the shipment, then anything can happen. But that is the case with all computer parts out there. Raspberry Pis that people use with Armory or for generating paper wallets can be replaced as well. So this is no worse than your paper wallet.
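The weak-seed backdoor raised at the top of this thread (seeds drawn from a small fixed set) can also be caught without reading the source, by sampling many seeds and looking for repeats. The following is an added illustration, not code from Trezor or from anyone in this thread; the "weak" generator is a constructed test fixture, and the audit assumes the device exposes a way to generate a fresh seed repeatedly.

```python
import math
import os
import secrets
from collections import Counter

SEED_BYTES = 32  # 256-bit seed, the size a hardware wallet would generate


def good_seed() -> bytes:
    """Seed from the OS CSPRNG; stand-in for a proper hardware RNG."""
    return os.urandom(SEED_BYTES)


def make_weak_seed(pool_size: int):
    """Constructed test fixture (assumption, not real firmware): a generator
    that only ever returns one of `pool_size` fixed seeds, i.e. the kind of
    backdoor the thread describes. Used here only to exercise the audit."""
    pool = [os.urandom(SEED_BYTES) for _ in range(pool_size)]
    return lambda: secrets.choice(pool)


def collision_audit(gen, samples: int) -> dict:
    """Draw `samples` seeds and count repeats.

    For a genuine 256-bit seed the chance of any repeat in a few thousand
    draws is about samples^2 / 2^257, i.e. zero in practice, so even a
    single collision is evidence of a tiny seed space. The min-entropy
    estimate is -log2(freq of the most common seed) and is capped at
    log2(samples) for a generator that never repeats."""
    counts = Counter(gen() for _ in range(samples))
    distinct = len(counts)
    most_common = counts.most_common(1)[0][1]
    return {
        "samples": samples,
        "distinct": distinct,
        "collisions": samples - distinct,
        "min_entropy_bits": -math.log2(most_common / samples),
        "suspicious": distinct < samples,
    }


if __name__ == "__main__":
    print("OS CSPRNG:", collision_audit(good_seed, 3000))
    print("64-seed pool:", collision_audit(make_weak_seed(64), 3000))
```

A clean result only bounds the seed space from below by the sample size; it does not prove the generator is good, whereas a single collision at this seed length is decisive.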
If the manufacturers do steal your coins, in order to accuse them of deliberate theft you will have to prove, first, that the source address of the fatal transaction was under your control at the time, and that the destination address was not. Perhaps you can do that with witnesses, or internet access logs, but it seems quite hard. (But, ok, that is a problem of bitcoin itself, not of Trezor.) Then you have to prove that you did not leak the recovery key words inadvertently. And then you have to prove that the destination address is under their control.
I was not talking about proving that this is their address. I was talking about proving that there is a backdoor. As I argued above, if there is one, you should be able to find it in the open-source code. It should be easy to prove.
As for checking the software, see my previous reply to another post. As for it being single-purpose hence simple, I have seen several posts here requesting all sorts of features and support for things other than bitcoin. I bet that the full source will soon have hundreds of thousands of lines of code. (The Brazilian electronic voting machine, which does not even connect to the internet, has over a million lines of C/C++ source code, not counting the operating system.)
Trezor now has 16500 lines of code in *.c files and another 7000 in *.h files. This is a total for bootloader and firmware, and I might have included some testing and GUI code as well, which is not on the device, so it is even less. And this includes many features discussed here that are not yet released. I don't see it getting to 100000 any time soon. Provided that some code is imported from other open source libraries, the Trezor code itself is even smaller.
Edit: I'm wondering what those Brazilians did there. Millions of lines you say? Wow.