I'd say the opposite, xz proved how much effort it is to actually backdoor widely used open-source software as opposed to something where the Russian government (or another one) can just go knocking.
Nothing is perfect of course but the attack was insane in terms of complexity.
Dude acts as if when it’s open source he conducts a code audit before installing anything.
xz just proves how dumb this mindset actually is.