I confess I am a bit reluctant to use it, though.
After all, what exactly prevents it from having a trojan inside?
You can always download the source package, compare the source with the original distributed source (all it takes is a simple diff), and then build your own package out of it.
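
The comparison described above, as an added example that is not part of the original comments: a shell function that classifies every path as added, removed or changed between the upstream tree and the tree unpacked from the source package. The directory layout and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Tree layout and file names below are constructed.

# compare_trees UPSTREAM_DIR PACKAGED_DIR
# Prints one line per differing path. Returns 0 if the trees match,
# 1 if they differ, 2 on bad arguments.
compare_trees() {
    upstream=$1
    packaged=$2
    if [ ! -d "$upstream" ] || [ ! -d "$packaged" ]; then
        echo "usage: compare_trees UPSTREAM_DIR PACKAGED_DIR" >&2
        return 2
    fi
    # Union of relative paths from both trees (files and symlinks).
    # Assumes no newlines in file names.
    report=$(
        { (cd "$upstream" && find . \( -type f -o -type l \))
          (cd "$packaged" && find . \( -type f -o -type l \)); } | sort -u |
        while IFS= read -r f; do
            if [ ! -e "$packaged/$f" ] && [ ! -L "$packaged/$f" ]; then
                echo "REMOVED $f"      # upstream has it, the package does not
            elif [ ! -e "$upstream/$f" ] && [ ! -L "$upstream/$f" ]; then
                echo "ADDED   $f"      # package-only: read these in full
            elif ! cmp -s "$upstream/$f" "$packaged/$f"; then
                echo "CHANGED $f"      # inspect with diff -u on the two copies
            fi
        done
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: one changed, one removed, one added, one identical file.
build_sample_trees() {
    mkdir -p "$1/upstream/src" "$1/packaged/src" "$1/packaged/packaging"
    echo 'int main(void) { return 0; }' > "$1/upstream/src/main.c"
    echo 'int main(void) { return 1; }' > "$1/packaged/src/main.c"
    echo 'same text' > "$1/upstream/LICENSE"
    echo 'same text' > "$1/packaged/LICENSE"
    echo 'docs' > "$1/upstream/README"
    echo 'make' > "$1/packaged/packaging/build.sh"
}

tmp=$(mktemp -d)
build_sample_trees "$tmp"
compare_trees "$tmp/upstream" "$tmp/packaged" || true
rm -rf "$tmp"
```

Every `ADDED` and `CHANGED` path is code that ends up in the build without having come from upstream, so those are the files to read before building your own package.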