I'm sure many are not aware of the risks involved. there are still many who complain to the bounty manager if there is a distribution problem or a missing project.
we really haven't maximized our knowledge and skills to avoid that risk. I'm sure everyone will thrive, and those who want to learn will find it fast.
The risks are beyond our thinking actually. I mean if even you work under a known and reputed manager, it doesn't guarantee you any confirmed profits or even tokens. When writing smart contracts there are ways to take back tokens even once sent to the manager and we cannot expect the bounty manager to read the whole smart contract and find glitches.
I guess that's why it's best to do one of the two things.
1- Work for only known and tested projects/teams
2- Make sure the campaign pays in BTC or at least has put some kind of collateral/BTC under the manager in case something goes wrong.