Because they don't know any better.
I hate to repost a statement, but I made this a couple of days ago in regards to java in another
Who do we trust? We gotta trust someone/something at some point. I use VPN, proxies, Tor, Freenet, and some other things frequently. Still though, I gotta trust Google with some of my mail. I gotta trust Comcast with some of my pipes. Heck, I gotta trust the Devs of Tor/Freenet for that matter. I gotta trust Apple/Samsung/HTC/et al with the hardware.
I could crawl though every line of precompiled code for the services mentioned above. Still doesn't help me with the pipes. Even RTS/Torvalds/the EFF has to trust some part of the process in the modern world.
I wish there was more of a vetting process for those who want to check everything out. Sadly, there isn't at the present time, and likely there will never be a 100% vetting process. Maybe a different question to ponder is how do we increase the trust in those where we HAVE to lay some trust?
As long as we're going to reinvent the wheel again, we might as well try making it round this time. - Mike Dennison