Nothing.
They can easily push an update to capture your private key and send it to your server. This requires you to manually accept it. The main thing that is keeping them from stealing it isn't it being open-sourced. You cannot blindly trust them. You have to manually review and verify it yourself, or there is still a risk. As long as you can verify the code, you are pretty much safe.
Actually, you can pretty much blindly trust them (without personally checking the code). All you have to do is wait for a week or so after they release an update, then search TREZOR-related threads and boards to find out whether anyone has decided the update is malicious or faulty. If you're not competent at reading through it yourself, there's no point trying too hard with little outcome.