I don't know everything, but I do know they've let their HTTPS cert expire a few times [1], and they apparently delay package updates from upstream for like 1wk for "stability" reasons... which doesn't really add any stability, and just slows down releases.
Ironically, on mobile Manjaro has shipped unstable and WIP patches, leading to issues and annoyed maintainers [0]
0. https://dont-ship.it/