Compiling the GUI pulls in quite a few dependencies, which could theoretically include backdoors that are leaked into bitcoind (or other non-GUI utils) as well.
A possible mitigation would be to compile the GUI in a separate Guix container from the rest of the binaries. The downside would be that the node library, and the depends dependencies of the node library would have to be compiled twice, but the overhead may be worth it?
(I won’t be working on this, but I wanted to keep track of this in a brainstorming issue, as the topic has repeatedly come up)