by rcxdude 1701 days ago
Extremely difficult to achieve undetected. Firstly, just successfully smuggling a working design for spyware into the PCB design would require an impressive feat of CAD engineering. Then there's no way to achieve this just with copper traces; you would need to add new components to the board. Both changes in the traces and new components would be extremely obvious in all but the most automated workflows (getting a PCB manufactured is a very manual process). It's typical to inspect the output Gerber files manually for any errors, as well as for PCB manufacturers to offer a preview of their interpretation of the Gerber. Similarly with the BOM, which has a different flow with a lot of human touch. Also, the techniques which would allow hiding the components within the PCB itself (which do exist) are extremely rare. The only places with the slightest chance of this working (massive organisations with a huge amount of siloing) aren't using KiCad as a tool.

You're correct, of course. It's wildly infeasible, prone to rapid detection, and there's no plausible profit to sneaking subtle backdoors into random KiCad projects. Now let's brainstorm possible vectors anyway...

You could manipulate PCB traces in such a way as to leak data over RF? No topological change to the circuit and very hard to pin down.

Any data leaked would just leak more than it already does. If your data is encrypted, it would just be encrypted but louder.

Perhaps there's some chip that has some functionality enabled by a logic input. The designer intended it to be off but KiCad tied it high or low or open to turn it on instead. That functionality might enable a serial interface or reading or writing some sensitive memory or whatever that might become a vulnerability.