I just thought it seemed a bit odd to me to have the project tied to large organizations in China so much. I’m not saying to “buy American” but I do think it’s reasonable to be perplexed.

Still a red flag.

Is it? That's like saying that Intel being located in the US is a red flag for them leaving backdoors in their hardware... oohhh

https://en.wikipedia.org/wiki/RDRAND#Reception

And China has backdoors in their stuff. We shouldn't be using it.

So basically "only buy American"? ;)

I don't want to defend that company or the product, or the country they operate from, but the source code is all on github under a permissive license and thus can easily be auditioned for government backdoors. Where's the problem?

Backdoors can still exist in public code bases.