Unlike gold, software is trivial to alter.
Anyone can dig into the code base and make any kind of alteration they want. A group of "experts" could appear to be trustworthy with enough PR and marketing spin. Also, code can be obfuscated in such a way that a third-party investigation can be exceedingly difficult. The "expert(s)" auditing the code could also be malicious.
The usual argument is that "the community" wouldn't accept such a fork, but if "the community" has poor visibility into the workings of their crypto of choice, what good does that do? Things trend towards increasing complexity in any arms race, meaning that fewer and fewer people will have the technical aptitude necessary to understand what they are looking at.
What is protecting any cryptocurrency from a "bad actors" scenario like this?