So Cyanogenmod has been backdoored all along, at least in all the Samsung builds? How is it possible no one noticed?
Somehow it seems like a backdoor from upstream is regarded less serious than if it originated from inside the Cyanogenmod project. I'm not so sure that is the case. All root exploits are equally serious.
I can think of a few possibilities where upstream would have interest in sabotaging downstream projects. Indeed most probably do, if you consider the locked boot loaders. If unlocked and reflashed devices are backdoored you can still reap whatever benefits locking them down gave you in the first place. And even if it is never used in nefarious ways it is still a PR win to scare people from unlocking. Stranger things have happened.