Sneaky? That's not sneaky at all. The presence of eval is a great big flashing sign saying "Backdoor here!". Why on earth does the copyright file have code in it? Sneaky is the infamous sys_wait4() backdoor in the Linux source, or using open($filename) in perl, or letting someone pass in a debugging filename that you treat as a relative path without realpath().