by Dalewyn 920 days ago
So you would dispute me, but not for the criteria you originally posed.

The post I was replying to said that despite being open source, nobody reads the code for Chromium and Firefox. This isn't true because people are paid to read that code. Nonetheless, anyone can still read it if they want to. This means that it's at least marginally higher risk for a state actor trying to get code into these codebases than a proprietary codebase.

As I said, I think it's still pretty unlikely that Microsoft products are compromised by a state actor. It's certainly not part of my threat model. I'm not sure what point you're trying to make though. I certainly wouldn't install a system-wide HTTP proxy from a developer I didn't trust. And I don't have much of a choice but to trust Microsoft; their products are so ubiquitous I often have little choice.

The point I am making is that Google (insofar as their open source software) and Microsoft both pay programmers to write and examine their code. That was the original criterion, and working off that you shouldn't have a problem with Microsoft.

Of course, you do have a problem as you've already made clear. However, that problem stems from how Microsoft's code is closed source compared to Google's open source code. That's religious FOSS dogma which I referred to earlier, and has nothing to do with whether programmers are paid to write and examine your code.