You don't have to be a witness to review code for malicious additions. Just running a diff on the new code against the older version will highlight the changes.

Haha you got me. Yeah after I wrote that I was like... ehhhh that's a little paranoid and not accurate. The amount of code needed to change for the fork is very small. It's the testing of the code that's the big deal.