The rapid adoption of large language models (LLMs) and the widespread use of open platforms like Hugging Face have introduced new security challenges, particularly in model integrity and supply chain vulnerabilities. This talk explores the feasibility and methodology of backdooring LLMs distributed via Hugging Face, highlighting how subtle code or model manipulations can lead to hidden malicious behavior. Through practical demonstrations, we uncover how backdoors can be implanted in model weights, preprocessing scripts, or post-processing hooks—often without detection. We then transition into secure coding practices and model publishing guidelines aimed at mitigating these risks. By analyzing real-world scenarios and providing actionable recommendations, this work serves both as a cautionary exploration and a guide for developers, researchers, and platform maintainers to adopt more secure practices in the era of open LLM sharing.