a thought I had this morning while waiting for my system logger to compile:
you really have to put a lot of trust in Gentoo and their Portage package system. since you can compile everything, you have to trust that noone has inserted unpleasant code in the config script, or anything like that.
of course, being that it's Free Software, there's no guarantee about anything. I would expect, though, that they audit their packages regularly.
this is all obvious to anyone who might be installing Gentoo, I'm sure. it just occurred to me, is all.