Anybody can check sources, but who will?..
And can you trust their results?..
FOSS can be riddled with exploits like Heartbleed for years, and no one will notice anything. There are even competitions on hiding malicious code inside innocent code...
Only a small number of experienced and skilled developers will be able to find such malware, and believe me - 99% of them don't waste their time on reading, understanding and checking the sources of all the software they use for exploits...
It is evident that all of these exist already and that people do indeed contribute, so coupled with the fact that the XDA community is over 5 million members in size, I think there will be developers who may be interested.
The only reason I can see someone not supporting this is if they have an interest not to do so, such as being the author of a closed-source (or open-source) malicious module.