There is an array of IP addresses encoded into the client (
here)
Where did the list come from?
Is this just a selection of IP addresses for nodes that have high uptime for a long period of time?
This protects against the DNS system being compromised?
There's a script somewhere in the tree that generates this list. I think it's the same list as that used by the DNS nodes, only hardcoded into the source while the list maintained by the DNS nodes is dynamic. I'd have to check, but I believe the hardcoded list is tried before using the DNS nodes, to avoid overloading them.