The maintainers are vetted before joining, and are removed if they do something untoward, but when the choice is between killing the project or giving it to some random person, Code Shelter provides a better alternative.
What if they pass the joining process but then later sneak something in that goes undetected until things go boom? There are alternatives, you can fork the original project, and things will go on. As others have said too, you can just update the underlying software and there's a good chance that the wrapper itself will continue functioning, providing there are no giant breaking changes and by that point, a fork or alternative will likely have handled it.
What if there's no joining process, and they contact a maintainer directly, and peer pressure them to hand over the project, and the maintainer does, and then they sneak a backdoor in some binary test files?
That scenario is exactly what PiVPN is avoiding by refusing to nominate a new maintainer and telling interested parties to fork--so what is your actual and concrete objection?
> I wish people would put their projects in something like https://www.codeshelter.co so anyone who's interested can maintain them, instead of just killing them
So to me that says you want it both ways, for while I appreciate what the codeshelter folks are trying to do, it is a task that is going to turn out Sudden But Inevitable Betrayals. Instead of contacting a maintainer directly, they just look sufficiently polished that codeshelter says "yeah, sure, OK" and hands it over.
Forking the project and earning your own trust really is the safe path forward.