>but the best way to hide a backdoor is to make it look like a mistake

It is, but usually the best way to do is to make it look like a mistake that's very subtle and difficult to notice without careful testing and analysis, kind of like Apple's infamous SSL "goto fail". That's a classic example of a vulnerability that really could be either an honest mistake or a very insidious backdoor.

This is more like leaving the house's sliding glass door to the backyard wide open for everyone to see.

Then again, maybe the best way to hide a backdoor is to have another very obvious one so people look the other way.