Even if Cisco does something huge like creating a write version of the codec that runs in GPU and works with FOSS video editors, someone running just watching total up and down network activity in Conky or gnome-system-monitor with no browser open could compare network activity between it and Libx264 to verify that it was not trying to phone home. I've done this myself to verify a browser not sending data with every keystroke in the URL line, when I compared Chromium with the known spyware on and turned off. Testing anything else would work exactly the same way, hell you don't even need Wireshark unless you are verifying WHAT is being phoned home to, like the folks who busted Google for spyware when Chrome first came out did.
I would not worry about video codecs other than flash, which is a whole closed binary. I would worry about keyloggers, browser Trojans, and especially about unencrypted hard drives vulnerable to police raids. At least I went to encryption before instead of after a 2008 raid on my house, and it seems they never cracked it. Yes, CISCO is known for hardware compromised by the NSA and others: mostly for routers, the main targets of the NSA's surveillance of the network. My guess is routers handling large volumes of traffic are the targets here, and desperately need FOSS firmware to put a stop to it.