The problem niver would have been fixed in proprietary software. And it's unlikely the problem would have been considered anything more than a 0.5s startup delay in some situations if xz were proprietary; it would have been reported as a performance issue to the malicious maintainer, who would have treated it as such and improved the startup time.

And you think proprietary code doesn't have this problem?

Can you prove it? Where's the evidence? ;)

Lack of proof in any direction is approaching the core issue here.