How could that code include backdoors if it's Open Source - is nobody able to read and understand it?

Mathematical back door.

That is, they know how to break it in a reasonable time, even though currently no attack methods are publicly known.

With the P-256 curve debacle, the suspected weakness was in the algorithm, the suspected problem was in the algorithm, it was not a problem in the source code itself, the source code is just dutifully implementing the algorithm and whatever flaws it has. I dont know the particulars about this one, but this has been discussed on many blogs about the sometimes opaque qualities of some of the more dodgy encryption algorithms, where there are certain constants worked into it that you cannot verify the source of, there is also possibilities of strategic weaknesses in the algorithms, such as the P-256 that were used on some curves . A good algorithm is independantly verifiable backwards and forwards to be universally strong with no weaknesses and where there are no opaque constants or structure that cannot be determined what its purpose and source was.

Edit: Bruce Schneir and Daniel Bernstein have both on their pages discussed the issue of P-256 debacle and EC-DRBG which has been a concern before. Bernstein developed Curve25519 to address the concerns.

There is some explanation here: https://en.wikipedia.org/wiki/NOBUS

People seem to forget that the NSA has their fingers in openssl and RSA as well, both of which almost everyone uses on a daily basis.

On computers most likely running Intel ME

Then use LibreSSL. RSA is extremely well understood and is used internally by many government including the US. Well, there some suspicions it might be weaker than it appears to be so you'd need longer keys...

This might be the case since it's not allowed for us citizens to use 4096 bit PGP keys. You know what? LOL! :'D

crypto both math and code, and yes, actually finding mathematical backdoors in an algorithm is not really viable