Speaking as someone who spends most of his time making open-source software, open source still requires trust. Almost all Obsidian plugins are open source, yet the reason for this new review system is that people don't have the time or ability to vet every line of code of every piece of software. Open source software is only as reliable as the maintenance infrastructure around it. It makes promises that can't be guaranteed about its dependencies, its maintainers, the formats it uses, etc.
replySee also: https://stephango.com/self-guarantee
> Open source doesn't ask for your trust
replyAnd yet, I'd wager my life savings that almost no one using open source software actually verifies that it's not malicious in a different way than one would closed source software (ie. reputation), and instead almost everyone just trusts it.