And even if they did, how do we now when they make you use the open source version of protocol and when they switch to a government-mandated (or cracker-pwned) protocol version for selected customers?
And even there, to be absolutely sure, you'd have to have a well-sanitized environment (say, start from ensuring that when you build your application from sources, you know all the source code, and you know your compilers and libraries aren't pwned, and you know your hardware wasn't hacked by e.g. some BIOS-resident vulnerabilities.)
It's pretty depressing, actually. A determined adversary with intelligence-service level resources can get a lot done. Your main hope is to be such an insignificant target that they don't want to waste resources, e.g. expose 0-day vulnerabilities etc to get just you.
