The point was that there is never some sort of guarantee, unless you personally audit every single piece of code and build it yourself with a compiler you built yourself on a computer you designed yourself.
But having an established project with a long history and many users and external developers can give you some ammount of trust in the safety of it.
But having an established project with a long history and many users and external developers can give you some ammount of trust in the safety of it.