[tor-talk] Indirect Tor question

[Praedor Atrebates]

In light of the recent revelations of how the NSA has broken commercial
software all over the place, I wonder about the security of Oracle's
VirtualBox VM software used by Whonix (and other?) tor-based anonymity
systems.  A large portion of VirtualBox is open source but some
libraries used are of different licenses...so perhaps somewhere in those
non-opensource libs lay an NSA backdoor?

I'm wondering about any and all similar tor-based systems wherein there
is ANY portion that is not opensource.