
Do you actually think Ken disagrees with me?

Hint: he doesn't. He wouldn't accept a line of code starting with "rm -rf $VAR" in ~30 minutes on a Sunday morning.



Try not to take offense from things so easily.

I linked Ken's paper because it's related. His conclusion is that it doesn't matter how smart the users or maintainers are if somebody wants to install a clever bug. Smart and clever people can still choose not to accept contributions from people they don't know.


Basically they have to earn trust before they can do this. I actually have some half solutions that many use. One of these is code signing (digital signing or a simple "signed off by" from an email that you believe belongs to the owner, even though the first is stronger).

This means the person may eventually do bad stuff after earning your trust. OK. But if that's ever detected, at least you can trace back to him.



