Ultimately, you cannot know for certain that anything is safe from being compromised. Instead, you must take steps to ensure the risk falls below reasonable levels, and that exposure is mitigated to a reasonable scope. In that regard, open source reduces the difficulty of achieving those ends.
for the 0.01% of the crowd that will (or know how to) compile a project... that might work
for the other 99.99%... they’re screwed