The code has probably already been audited, but of course, more audits might reveal more problems. However, there might be non-obvious ways to make the code vulnerable to side-channel/timing attacks, and if you don't know what you're looking for, the only thing you can really do is to take as many precautions as you can.
For how many years did the NSA know about timing attacks before they became public knowledge and fixes were incorporated into code? Impossible to know. Code audits certainly didn't spot timing attack problems before people knew to look for them.
It's also impossible to know what other unknown attacks are available to NSA and the likes.
Of course, this is completely irrelevant to 99% of us, since anyone with knowledge of these unknown attacks would use them very sparingly in order to keep them secret.
For how many years did the NSA know about timing attacks before they became public knowledge and fixes were incorporated into code? Impossible to know. Code audits certainly didn't spot timing attack problems before people knew to look for them.
It's also impossible to know what other unknown attacks are available to NSA and the likes.
Of course, this is completely irrelevant to 99% of us, since anyone with knowledge of these unknown attacks would use them very sparingly in order to keep them secret.