Well, that's basically all we do, isn't it? Every exe you run on Windows, every apt package you get on Linux, every Docker container, or Node module, etc. Just layers and layers of running black boxes that nobody but the original developer knows much about.
But even if you compile it yourself, what exactly are you gaining? Extra work for something you won't look into anyway? You'd think open source stuff would be more peer-reviewed, but as a maintainer of a few open company repos, it's surprising how much nobody actually cares and will just run whatever.
Most of the time it works fine because the average person isn't a malicious actor, but every so often something gets compromised and it's always discovered by pure chance.