Actually, they can be quite a bit safer. If they're small enough the NSA might not have any existing targets on them, which means they won't have tried to find a way to intercept their traffic yet. They could just do SSL traffic inspection, but it's too costly (and practically impossible) to do that everywhere, so they have to do it on specific target networks, which involves a lot of work to get the thing in the right place on the network.
It would be a huge pain in the ass to cover all the smaller providers.
One thing the leaks have revealed is that the NSA invested significant effort in compromising/backdooring hardware. Now if I were intent on compromising hardware to increase my reach, my prime targets are going to be the makers of routing & switching hardware. Someone like Cisco perhaps.
Do you have any idea how many such hardware blackboxes lie between any two locations on the net? All that would be needed is a single vulnerable/backdoored one in that path, configure it to DNAT & SNAT through your MITM host...
I highly doubt there're very many places out of that reach. Especially not smaller providers.
When you start going down that line of reasoning, virtually every chip in every computer in the world "could" be backdoored. Again, the costs and technical challenges of doing this wholesale across a long line of products across many hardware vendors is practically impossible. I'd be more worried using Huawei gear, anyway.
At this point I might just feel more secure running Huawei gear (as I type this at home on a Lenovo Thinkpad connected to an Aerohive access point plugged into a Cisco ASA firewall).