
Or that SSL is irrelevant because they've tapped whatever service you're connecting to.


This is all theoretical, but you could use decentralized services/protocols that would eliminate such an opportunity.


If I was in the NSA (which I am not) I would place a backdoor in the browsers themselves, and since the browsers auto-update from the internet anyway, I would change the DNS provider for the machine being watched (remember the DNS settings generally default to that provided by your ISP) to point to the NSA-version of the browser, and then the user would be browsing securely, but after decryption and before display, the payload would be sent elsewhere to be collected.

I don't think this would be particularly hard either. For IE, the NSA can just get MSFT to do it. For Firefox, they can compile from source, and for Chrome, well, they can probably compile from source too, because they probably have access to the build source of Chrome, with or without GOOG mgmt knowledge.

Can anyone come up with a (technical) reason the NSA could not be doing this?


For a specific target? Sure, why not.

But if they did that to everyone? Surely it would be noticed. Probably very quickly. There are a LOT of smart security researchers scouring browsers for bugs and running them in carefully controlled environments every day. Someone would also eventually notice that the production binary doesn't match the version built from source, especially for open-source browsers.


Browsers auto-update over SSL and hopefully use certificate pinning.


Your machine would be showing an extra outbound connection.


Very few people have any idea how many outbound connections their machine opens or which software is opening them. There seem to be just enough people paying attention to this that it would be caught, but most people would never know.
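
An added example, not part of the thread: one way to see which software opens which outbound connections is to group established TCP connections by owning process and compare the remote endpoints with a known-good baseline. The `ss -tnp` sample lines, process names, addresses and the `BASELINE` table are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ss -tnp` output (header omitted). Addresses are from
# documentation ranges; process names and PIDs are illustrative.
SAMPLE = """\
ESTAB 0 0 192.0.2.10:51234 198.51.100.7:443 users:(("firefox",pid=2211,fd=87))
ESTAB 0 0 192.0.2.10:51240 198.51.100.7:443 users:(("firefox",pid=2211,fd=91))
ESTAB 0 0 192.0.2.10:40022 203.0.113.50:443 users:(("firefox",pid=2211,fd=95))
ESTAB 0 0 192.0.2.10:38110 198.51.100.99:22 users:(("ssh",pid=3054,fd=3))
ESTAB 0 0 [2001:db8::10]:44100 [2001:db8::beef]:443 users:(("updater",pid=4100,fd=5))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def connections_by_process(ss_output):
    """Map process name -> set of (remote_host, remote_port)."""
    seen = defaultdict(set)
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        m = PROC_RE.search(line)
        # ss omits users:(...) for sockets the caller may not inspect.
        name = m.group(1) if m else "unknown"
        seen[name].add(split_endpoint(fields[4]))
    return seen

def unexpected(seen, baseline):
    """Return remote endpoints per process that are absent from the baseline."""
    report = {}
    for name, remotes in seen.items():
        extra = remotes - baseline.get(name, set())
        if extra:
            report[name] = sorted(extra)
    return report

# Constructed baseline: endpoints each process is expected to talk to.
BASELINE = {
    "firefox": {("198.51.100.7", 443)},
    "ssh": {("198.51.100.99", 22)},
}

if __name__ == "__main__":
    for name, remotes in unexpected(connections_by_process(SAMPLE), BASELINE).items():
        print(name, remotes)
```

The comparison is per endpoint rather than per process because an extra connection opened from inside the browser carries the browser's own process name.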



