Even an OSS one can have code in it that recognizes when it is compiling itself and adds the back door to the newly compiled version of the compiler.
You're referring to the "Ken Thompson hack," but it's not a real threat. You would have to solve the halting problem for a compiler to know whether or not it is compiling itself, or a version of itself. That is to say, a compiler could recognize a copy of its source code. It could also recognize familiar strings that it can find, or worse (from a false negative standpoint) hashes of that code, or parts thereof ("signatures"), and as we (should) all know, signatures are easy to defeat, which is why antivirus software is great for detecting known threats, but not so useful for preventing future threats. A program cannot identify another program based on what the program actually does -- say, compile source code and output a binary -- else we would have solved the halting problem, and we would have bug-free code, and perfect antivirus, which would render the Ken Thompson hack ineffective anyway. Yay!
Moreover, regardless of the attack vector, even a compromised binary can't hide from disassembly and human inspection. And if you're incredibly paranoid, then you could use side-channel analysis to see if anything is happening that's not supposed to be happening, unless you think the NSA has also hacked physics, in which case nothing I can say matters anyway.
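The comment's point about signature matching, as an added example that is not part of the original post: three hypothetical recognisers (whole-file hash, marker string, token shape) are run over constructed variants of a stand-in "compiler source" that all behave the same. All names and sample sources here are assumptions made for illustration.

```python
import hashlib, io, keyword, tokenize

# Constructed stand-in for "the compiler's own source" (not real compiler code).
ORIGINAL = (
    "def compile_unit(source):\n"
    "    # translate source to output\n"
    "    tokens = source.split()\n"
    "    return ' '.join(tokens)\n"
)
VARIANTS = {  # constructed; all four behave identically
    "original": ORIGINAL,
    "reformatted": (
        "def compile_unit(source):\n"
        "    tokens = source.split()  # tokenize\n"
        "    return ' '.join(tokens)\n"
    ),
    "renamed": (
        "def build(text):\n"
        "    parts = text.split()\n"
        "    return ' '.join(parts)\n"
    ),
    "restructured": "def build(text):\n    return ' '.join(text.split())\n",
}
SKIP = {tokenize.COMMENT, tokenize.NL, tokenize.NEWLINE,
        tokenize.INDENT, tokenize.DEDENT, tokenize.ENDMARKER}

def shape(src):
    """Token sequence with comments, layout and identifier names erased."""
    out = []
    for tok in tokenize.generate_tokens(io.StringIO(src).readline):
        if tok.type in SKIP:
            continue
        if tok.type == tokenize.NAME and not keyword.iskeyword(tok.string):
            out.append("ID")      # any identifier
        elif tok.type == tokenize.STRING:
            out.append("STR")     # any string literal
        else:
            out.append(tok.string)
    return tuple(out)

def recognise(src):
    """Return (exact_hash, marker_string, token_shape) match results."""
    digest = lambda s: hashlib.sha256(s.encode()).hexdigest()
    return (digest(src) == digest(ORIGINAL),
            "def compile_unit(" in src,
            shape(src) == shape(ORIGINAL))

if __name__ == "__main__":
    for name, src in VARIANTS.items():
        print(f"{name:13}", recognise(src))
```

Each looser recogniser survives one more kind of edit, and none of them matches the restructured variant even though its behaviour is unchanged.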