My understanding is that a thorough code review of that time period found no malicious code, but the more important point is that three letter agencies have been actively trying to subvert internet encryption for a long time, as far back as 1999. In the OpenBSD case, they wanted to break a VPN that other government agencies were using, I believe. This all started with the fight against Zimmerman and PGP. They lost in the courts, so they turned to technical subversion, and have been trying to do it ever since, although they haven't always succeeded. Of course, they still use the law when it is handy, such as making people sign 10 year NDAs and using secret courts cover up their illegal activities.