I very much doubt any malicious back door code would survive for more than a microsecond in the open source world. There are some majorly smart people who use and maintain that compiler every day. They would definitely find and kill such a thing immediately if it ever managed to get put in the code in the first place (it would never make it that far), and go after whoever wrote the code. What I'm trying to say is, it just wouldn't happen. The compiler can be trusted.
Yes, very true! And in addition, once the compiler spits out the object file, that is all that is going to the micro...
I bet too, that even a seasoned assembly writer would have a tough time producing as small and fast running app as gcc will.