also you're getting at least some of crowd safety in it. If you're using Debian Testing or a rolling distro your package was probably tested by a bunch of people already.
If you're using stable/LTS branch, there were far more eyes on it too
And packages are signed, can't just hijack web domain to inject code
If you're using stable/LTS branch, there were far more eyes on it too
And packages are signed, can't just hijack web domain to inject code