I am now rather confused in my ignorance... So the parameters (for ECC) were chosen "at random" theoretically (and so here lies the trust inherent to these?). Thanks for the info.
The parameters are derived from the SHA1 of high entropy values of unspecified origin.
It means they very very likely couldn't have algebraically produced a single set of specific magic evil values that enabled them to crack the cryptosystem, a true backdoor, since it would have been computationally infeasible to get SHA1 to output the right values.
However, they could have tried billions and billions of sha1 seeds looking for parameters which met some unknown to us characteristics which made the parameters stronger or weaker. Their "veritably random" procedure could have easily foreclosed this possibility, as was later done for some different parameter sets, but they did not.
So that's true, but remember that they're simply employing the process that IEEE 1363 described years earlier. The circumstances are different: IEEE was trying to explain how to generate parameters, and NIST was specifying which parameters to use, but the methodology is the same.
It is thus not particularly "telling" that there's an opaque SHA-1 seed. That is to say, it's not a "tell" that they didn't use a simple string (like the digits of pi or something), because that's not the IEEE method.
I preemptively agree that we'd have been better off had the seed been transparently generated, too.