Smart-contract creator corruption and DAO control

Hi there !

The following question is based on my understanding of the smart-contracts functioning, maybe I'm wrong and I would be happy to be corrected.

So, I was wondering, if you want to be sure that the code deployed on the network is controlled by the DAO and not the creator of the smart-contract (to avoid contract creator corruption), but still upgradable, is there any way to achieve this ? What I mean by creator corruption is creator key stealing or purposely greedy creator that would upgrade the code to a version that would hurt the users.

Let's imagine that one developer want to add a feature and propose its upgraded version to the DAO and a vote proceeds to deploy this new contract, would that be feasible ? The compiled version could be authentified by comparing hashed version with everyone being able to compile the code and compare hashes for the proposed contract.

But then, would even the DAO be free from its creator if he has the private key to the address if he wanted to modify the code ?

Maybe those questions are trivial and already answered but I was wondering if there was something I did not understand (like the creator's control over the smart contract) or if this was already discussed.

Thank you lads !