If you don't trust an open source middleware or just want to be compliant in your infrastructure from end to end there are products (middleware) that incorporate or use the EID but just as an card and use it in an secured and compliant environment.
These are commercial products but as they are used in high secure environments they have to protect the authentification and the data on the EID in a better secure way.
Some security products and installations that let you use EID also use these commercial middleware installation instead of the FEDICT software.
If anyone has a list of commercial security compliant EID reader middleware, this may be interesting
If you have the money, you don't have to use the opensource solution from FEDICT if you want to be absolutely sure.