This article is from the PGP FAQ, by Jeff Licquia firstname.lastname@example.org with numerous contributions by others.
First of all, the NSA had nothing to do with PGP becoming "legal".
The legality problems solved by MIT PGP had to do with the alleged
patent on the RSA algorithm used in PGP.
Second, all the freeware versions of PGP are released with full source
code to both PGP and to the RSAREF library they use (just as every
other freeware version before them was). Thus, they are subject to the
same peer review mentioned in the question above. If there were an
intentional hole, it would probably be spotted. If you're really
paranoid, you can read the code yourself and look for holes!