Huawei to the danger phone
If we're told by our own security services that the code quality is not good, then it's probable they or other bad actors can exploit those vulnerabilities to install a backdoor.
Most organisations can't be trusted, even if 99% of the people are nice, all it takes is one insider with the right privileges to abuse their power. In the case of Huawei as with all large Chinese companies, it's required that CCP representatives are present throughout the organisation, and they report back to the party. Imagine if Trump required all major US corporations to employ his political insiders at all levels and report back to him?