Microsoft has many thousands of former employees who once had access to the source, with little to lose from anonymous whistleblowing. There are likely as many eyes on any important bit of MS code as open source code, given the size of the company. The backlash for getting caught lying is huge. That's why all the "big lie" companies are so pissed at the gag orders that accompanied their demands for information.
Lets see. So what you're claiming here is that every employee at Microsoft not only has access to every piece of code but that they've actually gone through that code detailed enough to spot any NSA Easter eggs.
First, have you ever worked on a large proprietary software project? From my experience it's lucky if three people even look at any given piece of code much less take the time to really understand what it does. Even in support mode they're typically only going to look close enough to fix the bug they're working on.
Second, an operating system (especially Windows) is a huge piece of work with 1000's of mostly unrelated modules. Very few people would know much outside of their area of work.
Third, you're typically not gonna let your GUI programmer even have access to network stack code.
And lastly, this is Microsoft we're talking about. They can't even figure out how to make there own software work worth a crap. You really think they'll be able to figure out what a highly complex and secret NSA module is doing. (yes that was sarcasm)
Let's not forget than open source vendors are just as vulnerable to this sort of arm twisting - and again I just hope for whistleblowers willing to take the risk. Other than Theo de Ranter, who I'm fairly confident would instantly disobey any gag order, if just to have something new to complain about, I'm not sure most open source software really has an advantage here.
Do you even understand how open source works? Redhat is an open source vendor. Do you realize that CentOS and Oracle (amongst others) both copy and distribute Redhat's software? So they're going to strong arm everyone? CentOS isn't really a vendor even. It's more a loose conglomeration of volunteers. How are you going to strong are them?