Weblog: Is Open Source Secure?
Subject: Missing the point
Date: 2004-02-14 17:13:50
From: jjs

"the model breaks down as soon as the core group involved in a project or distribution decides to corrupt the source, because they simply won't make the corrupted version public."

This makes no sense in his accusation. How do they get the corrupted version out there? There are only three scenarios I can think of:

1. They don't release the code. OK, no problem, since that means it's not available from anyone.
2. They put the corruption in the source code. Guess what? Everyone sees the exploit, and the person who put it there is no longer trusted.
3. Corrupted binary, but leave the source clean - that works until someone compiles the source and finds out it's different (which normally happens quickly). Again, those who corrupted the binary are not trusted.

Bottom line - Open Source PREVENTS this, because he's talking about hiding an exploit in plain sight - very difficult!
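Added example, not part of jjs's post or the weblog: the "rebuild from source and compare" check that scenario 3 relies on, and the source diff of scenario 2, in Python. gzip stands in for the compiler here; it was chosen because its header carries a build timestamp, which is a real reproducibility problem in real toolchains. The sample source, the backdoored variant and every function name are constructed for this illustration. The caveat the post leaves out: the comparison only proves anything when the build is reproducible. Otherwise an honest rebuild also differs from the shipped binary, and a mismatch cannot be told apart from timestamp noise.

```python
"""Rebuild-from-source verification (added example; not from the post).

A release is modelled as a pair (published source, shipped artifact).  The
verifier rebuilds the published source with the same toolchain and compares
SHA-256 digests: a binary tampered with behind a clean source shows up as a
mismatch.  gzip is the stand-in compiler; its header carries a timestamp,
which is exactly the kind of thing that breaks this check in real builds.
"""
import difflib
import gzip
import hashlib

# Constructed sample: the source everyone can read.
PUBLISHED_SOURCE = (
    b"def check_password(user, pw):\n"
    b"    return pw == stored_hash(user)\n"
)

# Constructed tampering: a hard-coded master password.  In scenario 3 the
# attacker builds the binary from this but ships PUBLISHED_SOURCE next to it.
BACKDOORED_SOURCE = PUBLISHED_SOURCE.replace(
    b"return pw == stored_hash(user)",
    b"return pw == 'hunter2' or pw == stored_hash(user)",
)


def build(source, mtime=0):
    """Stand-in compiler.  mtime=0 pins the gzip header timestamp so that two
    builds of the same source are byte-identical.  The gzip default
    (mtime=None) writes the current time, so honest builds already differ."""
    return gzip.compress(source, compresslevel=9, mtime=mtime)


def sha256(blob):
    """Digest of an artifact, as a release manifest would publish it."""
    return hashlib.sha256(blob).hexdigest()


def verify_release(source, shipped, mtime=0):
    """Scenario 3: True only if rebuilding `source` reproduces `shipped`."""
    return sha256(build(source, mtime=mtime)) == sha256(shipped)


def source_diff(published, candidate):
    """Scenario 2: a backdoor put into the source is visible to everyone as a
    diff.  Returns only the added/removed lines."""
    diff = difflib.unified_diff(
        published.decode().splitlines(),
        candidate.decode().splitlines(),
        fromfile="published", tofile="candidate", lineterm="",
    )
    return [
        line for line in diff
        if line.startswith(("+", "-")) and not line.startswith(("+++", "---"))
    ]


if __name__ == "__main__":
    clean = build(PUBLISHED_SOURCE)
    tampered = build(BACKDOORED_SOURCE)            # attacker's binary
    print("clean binary verifies:   ", verify_release(PUBLISHED_SOURCE, clean))
    print("tampered binary verifies:", verify_release(PUBLISHED_SOURCE, tampered))
    print("backdoor in source diff: ", source_diff(PUBLISHED_SOURCE, BACKDOORED_SOURCE))
    # The caveat: a build that is honest but not reproducible also fails,
    # so a mismatch on its own does not prove tampering.
    dated = build(PUBLISHED_SOURCE, mtime=1_000_000)
    print("honest but unreproducible build verifies:",
          verify_release(PUBLISHED_SOURCE, dated))
```

The mismatch on the tampered binary is the detection jjs describes; the mismatch on the honestly built but differently timestamped artifact is why projects that want this property pin timestamps, paths and toolchain versions (the reproducible-builds discipline) before anyone can treat a rebuild diff as evidence of corruption.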