How does Zed ensure that all the LSP files it downloads are safe?

For language support I see a lot of third party tools getting installed that are developed by random people on github.

Is zed always grabbing the latest version, or is there some review/cool-off period?