Default [Q] Custom roms &spyware

Hi all, I just started flashing custom roms and kernels and really enjoying the learning process. XDA and its members have been a huge help and awesome resource. It occurred to that it might be possible for the developer of a custom rom to hide spyware in their rom, is that true?

Also, does it happen or does the community on XDA keep people honest? Like if I flash one of the popular roms like AOKP, PacMan, CM, etc, are there enough people (smarter and better technically equipped than me) who would spot it and out the developer/rom?

I just want to know that what I am doing is reasonably safe in terms of spyware. I know there are other risks with flashing custom roms and kernels, but I haven't read anything about spyware.

Thanks!