[thrance]

You can only ever really ensure the client you use wasn't tampererd with, by carefully reading all of its source code and then building it yourself. For every update.

Realistically, you will always need a minimum amount of trust, just don't misplace it.

[beeflet]

The minimum amount of trust is clearly a lot less for open source software because anyone can view the source and whistleblow vulnerabilities (and many will regularly do so to contribute or modify it anyways).

Also, compiling and verifying software updates is pretty easy for typical application programs. I do it for cryptocurrency software, you just look over diffs and make sure it matches up to the changelog.