I don't think it's actually irrelevant; there's a reason they did it that way. Getting commit access and being the only one who can even read the code are two very different things. Even if you can modify the code, the less obvious it is that the change is adding a backdoor the less likely someone else is to catch you.
I think it would be so difficult to convince me that a state-level adversary who has obtained persistent access to Netscreen's builds can't hide arbitrary backdoors that it isn't really worth hashing this out. I'm just going to point out again that the Netscreen attack didn't break the "NOBUS" property of Dual EC --- so far as we know, the Dual EC private keys have never leaked.
It seems like you're implying they'd be too good to ever get caught, but... they got caught. The trouble is, making a backdoor less obvious makes it more likely that if they try it 10 times they don't get caught all 10 times, more likely it gets into production before they get caught, more likely that it stays in production for a year instead of a month, etc.
