Flicking that switch would be pretty much a one-time deal. Not likely.
What would happen instead, and has happened in the past, is Microsoft (or Juniper, etc.) leaving a remote vulnerability unpatched while certain groups use that exploit. It's much more deniable. So deniable that it's impossible to say for certain that it was intentional.
It's more practical to audit FOSS systems for bugs than a Microsoft solution, and the tools for doing so are open source and getting even better every day. Like you said, sharing the burden helps with cost; it also helps with the trust issue. Going one step further, formally verified software solutions are possible (and exist!). Good luck getting that from Microsoft; they ship a calculator that needs updates and internet access to run.