by foodstances 4215 days ago
You do realize that Apple doesn't review code, right? An application in the App Store can issue malicious or accidental "DROP TABLE" statements just as easily as an application you downloaded from GitHub. Apple only reviews apps (in binary format) to make sure they mostly do what they say they do, and that they don't violate Apple's distribution guidelines (porn, trademarks, etc.)
2 comments

They do at least in theory establish a legal entity that is responsible. It also provides a mechanism for removing the app if malicious behaviour is detected and reported.

You are right about "DROP TABLE" risk in this case, but some other threats are mitigated by the sandboxing of apps.

The code signing mechanisms that Apple employs in the App Store remove the risk that a third-party software update server will be compromised and distribute malicious code to an otherwise trustworthy application.

(Probably not a high risk in this case, but on principle...)
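The update-server scenario in the comment above, as an added example that is not part of the thread and is not Apple's own signing scheme: a client that pins the publisher's public key and refuses any update whose signature does not verify against it. It assumes a hypothetical publisher that signs update payloads with Ed25519 (the scheme popular third-party macOS updaters use; Apple's App Store uses its own certificate chain instead) and uses constructed payload strings in place of a real package. The three simulated cases are the ones that matter for a compromised server: an untouched update, a payload swapped under the original signature, and a payload re-signed with a key the attacker controls.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedUpdate is a hypothetical update package exactly as the client fetches it
// from the update server: the payload bytes plus the publisher's Ed25519
// signature over those bytes.
type SignedUpdate struct {
	Payload   []byte
	Signature []byte
}

// ErrUntrustedUpdate is returned for any update that does not verify against
// the key pinned in the installed client.
var ErrUntrustedUpdate = errors.New("update rejected: signature does not verify against the pinned publisher key")

// SignUpdate runs on the publisher's build machine, never on the update server,
// so the server never holds the private key.
func SignUpdate(priv ed25519.PrivateKey, payload []byte) SignedUpdate {
	return SignedUpdate{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// VerifyUpdate is the check the client performs before installing anything it
// downloaded. pinnedPub ships inside the already-installed binary, so a server
// compromise alone yields nothing that can forge an acceptable signature.
func VerifyUpdate(pinnedPub ed25519.PublicKey, u SignedUpdate) error {
	if len(u.Signature) != ed25519.SignatureSize || !ed25519.Verify(pinnedPub, u.Payload, u.Signature) {
		return ErrUntrustedUpdate
	}
	return nil
}

// Outcome summarises the three cases simulated below.
type Outcome struct {
	GenuineAccepted  bool // untampered update from the publisher installs
	TamperedRejected bool // attacker on the server swapped the payload, kept the signature
	ResignedRejected bool // attacker re-signed the swapped payload with their own key
}

// Simulate plays out a server compromise against a client with a pinned key.
func Simulate() (Outcome, error) {
	pubPublisher, privPublisher, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	// The attacker controls the server but not the publisher's private key;
	// all they have is a key pair of their own.
	_, privAttacker, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}

	// Constructed payload standing in for a real update package.
	genuine := SignUpdate(privPublisher, []byte("app-2.1.0 (constructed payload)"))

	var o Outcome
	// Case 1: the genuine package passes through the server untouched.
	o.GenuineAccepted = VerifyUpdate(pubPublisher, genuine) == nil

	// Case 2: the attacker replaces the payload but leaves the signature alone.
	tampered := genuine
	tampered.Payload = []byte("app-2.1.0 with backdoor (constructed payload)")
	o.TamperedRejected = errors.Is(VerifyUpdate(pubPublisher, tampered), ErrUntrustedUpdate)

	// Case 3: the attacker signs the malicious payload with their own key.
	// A client that trusted whatever key the server advertised would accept
	// this; a client with a pinned key does not.
	resigned := SignUpdate(privAttacker, tampered.Payload)
	o.ResignedRejected = errors.Is(VerifyUpdate(pubPublisher, resigned), ErrUntrustedUpdate)
	return o, nil
}

func main() {
	o, err := Simulate()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine accepted: %v, tampered rejected: %v, re-signed rejected: %v\n",
		o.GenuineAccepted, o.TamperedRejected, o.ResignedRejected)
}
```

The property the comment describes falls out of where the keys live: the private key exists only where builds are produced, and the public key is baked into the client, so the update server is reduced to a dumb file host whose compromise can cause denial of service but not code execution. The same holds only as long as the pinned key is not itself fetched from the server; case 3 is what a "download the current key from the server, then verify" design gets wrong.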