The xz backdoor was caught before anyone used it. This is typical of open source backdoors, but atypical of proprietary ones. History is full of proprietary software with backdoors which were discovered after years or decades of being actively used. Lotus Notes, RSA corporation, Cisco routers, Juniper switches, Huawei everything.
We have a more or less immutable history of every change leading to every release of open source software. Any backdoors you previously created under an identity could burn that identity forever. That history is not available for proprietary software. If someone adds a backdoor in proprietary software for two years and then removes it in later versions, it's totally likely it'll never be noticed.
Thinking that open source software is at greater risk of being backdoored is akin to thinking most trees in the world grow along the road, just because you drive everywhere and have never been inside a forest.