The DOD is the largest employer on the planet. That doesn't even count the periphery of contractors. Sponsoring a project like trails makes sense and 100K to them is peanuts.

In the army we had a tactical fire computer that we ran Linux on sometimes because we wanted to test hardware. So I'm sure 23 years later there is a team testing something and they got funding for a project that they viewed as tight.

I'm not recommending for or against but if the code is open source it can be reviewed and audited. I think the issue really is in compilers that are trusted and not audited and legacy software that NSA spooks will submit code to.