How are large open source projects kept secure?


I read that the Linux kernel has 29 million lines of code. How does one know for sure that there are no unnecessary code lines in some files that allow backdoor access or something else?


9 Answers

Anonymous

When you modify the code you are required to publish your modifications. However, that does not mean that the Linux project needs to include your modifications in the official source code. Your modifications will be reviewed; for Linux this will be done by at least three or four different reviewers, but most other projects require only one or two reviewers before they accept a patch. All of this happens publicly, so anyone can review your code before or after it has been accepted. Typically other developers working with the same code will take a look at it. Even after the patch has been accepted into the official code base there are people looking through the code for exploits and bugs. The major Linux distributions, such as Red Hat, Canonical (Ubuntu), SUSE, etc., have hired people to look through the code of the Linux kernel and other important open source projects looking for issues. And other developers working in the same area of the code base will also look at the code you wrote. Even a lot of advanced users will end up looking into the code they are working with, trying to figure out how it works and why it does what it does.

This means that open source code has lots of people looking at it, especially popular projects such as the Linux kernel. This is unlike closed source projects, where the code is maybe only reviewed once or twice by members of the same development team. So it is much harder to sneak any back doors into an open source project than into a closed source project. Of course it is not perfect, and there have been some high profile security bugs in open source software as well which have gone unnoticed for a long time. However, open source software has fewer bugs per line of code than closed source projects, and when security bugs are found they are usually found and fixed before there is any evidence that they have been exploited.
