What if it's sensitive data, and just want to make sure it's secure - not necessarily saying the dev is malicious, but maybe need a 2nd pair of eyes on security, etc.
Then you shouldn't trust the dev or a random second pair of eyes either, but probably get an independent security audit from a professional cybersec auditor, and even then, have insurance and a plan in mind for when leaks/hacks occur (they will, once you're big enough scale).
If you just want "good enough" security for a side project or whatever, then using standard libs & algorithms (NOT inventing your own) is usually a good bet. As a layperson you probably can't evaluate the security knowledge of a developer. Most developers can't even evaluate that of other devs. Security is a specific specialty that most devs only know the very basics of (if even that).
Security is something that even professional devs get wrong all the time and why the industry has vulnerability disclosure processes (https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability...), listings (https://cve.mitre.org/), and entire groups that try to find them before the blackhats do (https://googleprojectzero.blogspot.com/).