On a different topic: back in the early days of compilers —when they were just starting to be practically useful, and it was yet unclear if they were even theoretically possible— there was a fair amount of work done with homomorphic compilation, with the idea that to be a homomorphism was sufficiently constraining that there couldn't be more than one, and hence if one succeeded in constructing such a compiler, it would necessarily be the one sought.
(anyone know how to express the above para in a less esoteric language?)
It just occurred to me that a homomorphic compiler is a reasonable counter to Thompson's "trusting trust" attack, on at least two levels:
as per the reasoning above, a properly constructed homomorphic compiler shouldn't be able to insert trojans (to what degree would this extend to a Scott-continuous compiler?), as that involves a bit more latitude of action than simply composing meanings to determining the meaning of a composition.
even if one were not convinced that the compiler was fully homomorphic (and that programs were initial, etc.), as long as it was sufficiently homomorphic, one could effectively use "homomorphic encryption": by compiling a conjugated login program, and unconjugating the compiled object, it could be made arbitrarily unlikely that the trojan insertion would be triggered.
(of course, at this point one would still have to trust the loader, the h/w, etc. etc.)