Well, I'm not personally familiar with your racist screeds, but I can say that with the OpenOffice and Symphony SGA's, we (Apache OpenOffice) did absolutely no review of the code before checking it in. None. We didn't verify that it compiled. We didn't verify that it ran. We didn't verify that it lacked known security flaws. We didn't verify licenses. The code from an SGA is raw and unreviewed.
So if you put a "racist screed" in a C file (or preferable C++) and hid it within an SGA contribution, it could get into SVN. But as soon as it was found, it would be removed.
And if we found a Microsoft-owned header file in the contribution, then that would be removed.
And if we found a functional error then that would be fixed.
And if we found a security flaw, then that would be fixed.
And if a license header was wrong, then that would be removed.
This is all done as part of making an Apache release. This is all done openly, transparently on our mailing lists. (Subversion commit messages are echoed to a public mailing list).
When you think of it, how else would you transparently review, within a community, a software contribution, unless you first put it into a public repository where everyone could view it?