This is a fairly common cognitive dissonance I see in technology – preferring small developers/publishers/etc with essentially no basis for trust over big companies who are subject to legislation all around the world and have strong compliance procedures, auditing, security assessments, chains of trust, etc.
The latter is more secure in almost every case, in almost every way you can analyse the problem, but at a human level it's easier to trust one person whose name you know over a company where you can't point to any specific individual.
When you know someone personally then perhaps this is a reasonable trade-off to make, but "on the internet nobody knows you're a dog"[1]. People form parasocial relationships with individuals, movements, influencers, etc, and really there's not much to trust about them.
The latter is more secure in almost every case, in almost every way you can analyse the problem, but at a human level it's easier to trust one person whose name you know over a company where you can't point to any specific individual.
When you know someone personally then perhaps this is a reasonable trade-off to make, but "on the internet nobody knows you're a dog"[1]. People form parasocial relationships with individuals, movements, influencers, etc, and really there's not much to trust about them.
[1]: https://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_...