It is one thing to KNOW the author and his/her history, or the company they work for, so trust can be built, but for the likes of unknowns, then you all deserve what you get if the worst happens and you are the ones that are proliferating the use of these unknown applications.
#crysx
We cannot expect a general understanding of online threats. Each individual is responsible for doing [or not] their own due diligence. Yet, I believe your advice should be taken very, very seriously.
Certainly not everyone working with open source has suspicious intentions. In fact, many are doing a lot of good when working with open code.
But surely there must be an educational front, where people can at least grasp some ideas of what harm could be hidden within a compiled release. Others more advanced can easily bypass any malware when running such files.
The safest way to proceed is probably to compile from source. And if that's not possible, then there should be some trust when it comes to shared releases.
BP