Jurisdictional concerns are "nonsense"?
After what we all now know, as a matter of documented fact, about how the US intelligence agencies operate, clearly the idea that anything pertaining to security that comes from the US is inherently untrustworthy, is certainly not "nonsense", and any supposed security researcher who casually dismisses this proven conflict of interests must be gravely afflicted by bias.
On the other hand, open source entirely mitigates such concerns, since any attempt to compromise its security is subject to public scrutiny. It can still happen briefly (e.g. via hacked repos), perhaps even long enough to cause serious damage, but ultimately it will be found out, and sooner rather than later.
But certainly in terms of services based in the US, the only safe assumption one can possibly make is that they are all under the thumb of the US intelligence agencies, and therefore cannot be trusted. I believe that is a very reasonable assumption under the circumstances. Moreover there is absolutely no way to ascertain their trustworthiness, given that said intelligence agencies can not only coerce and compromise them, but also gag them to ensure they are legally prohibited from even revealing this coercion.
Biting the hand that feeds IT
