It is possible to send data along with other data so that it's reaaally hard to find. Also, they don't need to send data all the time, but rather activate this mode on request, say when a person using this browser is a suspect for some reason and govt needs to track his every move on the internet. This would make detecting of such a functionality virtually impossible, because it'd be turned off most of the time for most people.
It is possible. However, considering that it would only take one person being exceptionally curious with IDA, one employee to blow the whistle (the source is still "open" to a fairly large number of people, and a backdoor is far harder to hide than passive collection of existing data), or one slipup to cause a massive amount of PR damage, and this has never occurred, nor does the Snowden leak suggest this is happening, I personally consider this claim extremely improbable. YMMV.
I wonder if anyone tried frequency-modulating the data stream they send home, i.e. encode the sensitive data as changes in frequency of sending packets. Now try to Wireshark that one.
