
If it's a really good root kit, how would you know you have been infected?


Probably because I'd find the appropriated information used somewhere.

It's been at least 5 years with not a hint of fraudulent use of my ID or payment info.

I have, however, been victimized multiple times by corporations being negligent with my data in the same time period. Sony and whatnot.

Kind of interesting that it's safer to download random untrusted OS code from the internet than to give my information to a "safe" corporation...

In any case, it's an interesting thought experiment but it gets absurd quickly when realized. How do you know you're not infected right now by a "really good rootkit"? Unless you wrote the compiler by hand, compiled every bit of the OS by yourself, wrote the firmware for your hardware using the same compiler, etc etc etc, you can't be 100% sure.

You can be reasonably sure, of course. 99% with a few juicy trailing 9's for good measure, but not 100%.

It's the same way you can't objectively prove you're not dreaming right now.


Even if you wrote the compiler by hand, it doesn't matter. See the outstanding "Reflections on Trusting Trust": http://cm.bell-labs.com/who/ken/trust.html


Haha! Believe it or not, I had that story in mind when writing the previous comment. Really the only way to be 100% sure is to manually "bit bash" the compiler together without using ANOTHER compiler (like you would do if you're building a toolset for an entirely new architecture).



