Off topic but I have to ask. Does anyone else wonder if there are backdoors in NSA projects like this? It seems like a way you could get a foothold into lots of interesting places.
Edit: Spelling.
Also, I recognize this particular program may not be the best target, but SELinux for example, or any of their projects. As for the "It's open source argument", if they provide binaries, do they have instructions for reproducible builds?
An open source project used by people capable of analyzing the network and disk I/O of binaries they run doesn't sound like a good target -- if something was found it would have massive consequences.
Hiding a backdoor requires hiding it from every user who might publicize it, not some users.
Your issue (which is barely a vulnerability at all, in my personal opinion) demonstrates a failure to hide a vulnerability, if you think it was intentionally-placed (which I don't), in that you quickly learned about it.
I can't imaging a project aimed at reverse engineers would be the best place to try to hide that sort of thing. Ghidra is open source, you are free to audit and build it yourself if you are concerned.
Not to take away from your point, but a lot of "career" reverse-engineers are no more knowledgeable about the details of their tools or the low-level than developers.
Will be intersting if ida also adds the debugger to there free version.