It is possible to send data along with other data so that it's reaaally hard to find. Also, they don't need to send data all the time, but rather activate this mode on request, say when a person using this browser is a suspect for some reason and govt needs to track his every move on the internet. This would make detecting of such a functionality virtually impossible, because it'd be turned off most of the time for most people.

It is possible. However, considering that it would only take one person being exceptionally curious with IDA, one employee to blow the whistle (the source is still "open" to a fairly large number of people, and a backdoor is far harder to hide than passive collection of existing data), or one slipup to cause a massive amount of PR damage, and this has never occurred, nor does the Snowden leak suggest this is happening, I personally consider this claim extremely improbable. YMMV.

I wonder if anyone tried frequency-modulating the data stream they send home, i.e. encode the sensitive data as changes in frequency of sending packets. Now try to Wireshark that one.

Indeed. To quote myself in another reply:

> Although proprietary software may be easier for a government to compel to be modified to add tracking, it still runs the risk of being noticed in most reasonable cases, and there is in fact no evidence that any Western government is doing any such thing. It does increase the chance that you are being tracked due to incompetence, but I don't think this is particularly likely for such well-known software.