It is very naive to think that "Malicious features simply do not thrive in
libre software."
More difficult, perhaps, impossible, not by the least. There are many
vulnerabilities in any given software. And yes, Libre, open source software
can be created with the explicit intention to create holes (bugs). An
example is the prior OpenSSH debacle, this only affected systems that ran
SELinux, if you did not have it installed or enabled then your system was
fine. Interesting that a system designed to make your OS more secure created
a major hole that was wide open!
SELinux is what made OpenSSH insecure! Similar concerns have been raised
with systemd.
http://www.juniper.net/security/auto/vulnerabilities/vuln30276.html