Obviously (Example: Zivver [1]). But that doesn't mean we have to make it worse. It means we need to tackle those risks.

[1] https://news.ycombinator.com/item?id=46262524

Yes, but I like to think the hacker community is persistent enough that if there were backdoors embedded in US or Chinese made hardware, it would have been found already.

Then again, they never found out about the Crypto AG communications backdoor (https://en.wikipedia.org/wiki/Crypto_AG) until 2018 as far as I know. Or they did know but since it's CIA they allowed it.