
The answer is to procure your binaries from sources you trust:

* Commercial vendors like Microsoft, Intel, Valve, etc. who have a vested financial interest in your continued patronage.

* Private vendors like the guys behind WINE, Notepad++, ffmpeg, etc. who are reputable and have that reputation on the line.

Speaking practically, if you don't trust your source to begin with you aren't going to waste your time auditing their code and compiling it yourself either.



I know Gentoo Linux is not for everyone and doesn't fix the issue of there being way too much source to ever personally be able to check it all; however, I think there is something to be said for the fact that the source is indeed readable in the clear for most parts of the system, and lots of it has even been looked over by the package/ebuild maintainers. Not trying to say there's no risk, but I think it might reduce it quite a bit if you have the patience! The #gentoo IRC channel is, in my experience, incredibly helpful, totally smashing most types of support from corporate companies out of the water! (Of course that's also only working like that because hardly anyone uses Gentoo... but I think the point still stands!)



