Being sued to death and possibly being hit with criminal charges as well.
If you are in a position to successfully (as in get your code reviewed, accepted, promoted and deployed) backdoor a product that is big enough to qualify for a bug bounty of even a $100,000 you are going to be paid well enough for the risk not to be worth while.
