That assumes that anyone interested in putting backdoors into Canonical's packages never gets a job making their packages. If you are really concerned having trustworthy systems, you need to build from source and if you doing that anyway, you might as well just use the binaries built from source.