It's a myth that having the source code for a cryptosystem is going to allow you to spot backdoors. Crypto flaws have hidden for many, many years in far more important projects than Tor. Crypto flaws are very subtle; you can create a backdoor in a crypto routine simply by changing the way it happens to influence the L1 cache.