I would imagine that in a world where my mum is compiling from the 'source', the 'source' that she's compiling would be infected in the same way as Download.com is.

"Mom I have told you thousands of times! Configure, make and make install, not configure and make install!"

Ubuntu shipped a spyware package with a few releases. I assume they had a source release with the same package configuration, in which case they were doing exactly that.

Are you referring to the amazon search debacle? Because that does not fall into the same realm, it was very clear that it included this feature from the moment you start it up. It wasn't hidden at all.

That one yes. Many people including the FSF described it as "spyware".

If source distribution was the main way of getting software onto the computers of less technical users then it would be rife.