This is a good moment to note that http://bootstrappable.org/ exists and is one of the low level defenses OSS can provide against this problem. With the minimal set of binary blobs that can be audited we can reasonably reconstruct whole toolchains from scratch.