Ironically, a small programming language is much more vulnerable to telemetry-code injection by its maintainers than a large one like Go, where multiple non-Google-affiliated members of the community are actively following each commit made to the compiler source code. As long as you build your compiler from source (and have always done so, per Reflections on Trusting Trust) then you benefit from those eagle-eyed auditors for free. That said, it's important that the language have good governance with representation from firms other than the original creator.