You compile with various compilers and you decompile them with different decompilers. This is trivial today.
Randomness hardware? There are already perfectly good PRNG routines available as used by currently available strong encryption.
I understand the criticisms of just relying on the fact that something is open source but the alternative - closed source - has exactly 100% of those problems, plus a whole other lot of new ones too.
"Perfectly good PRNG routines"? No, that is not at all true. Serious cryptographic software uses the OS's random number generator. There are not in fact "perfectly good PRNG routines" ready to take off the shelf and plug into crypto software.
Randomness hardware? There are already perfectly good PRNG routines available as used by currently available strong encryption.
I understand the criticisms of just relying on the fact that something is open source but the alternative - closed source - has exactly 100% of those problems, plus a whole other lot of new ones too.