I’m also in the camp that is fully aware of what people are downloading. However, I’ve come to the conclusion that sometimes my awareness simply doesn’t allow me to know what I’m downloading. For example:
I download software almost exclusively through Homebrew. These can be CLI tools, like Git, or full applications, like Google Chrome. There are risks in both forms of software.

For example, if you install the tool One concrete example of this problem is the recent xz backdoor: Wikipedia: XZ Utils HiddenBy the way, Xz is open source and still able to deploy a backdoor.

I recently received an interesting question about the second type of installation: Is AltTab safe? This app is an alternative to the Cmd+Tab app switcher on macOS. The app offers the option to take a screenshot of your app screens, so you can see which window you’re switching to (just like on Windows). The screenshot is strictly protected by a permission that you must grant from macOS. This is of course a potential security issue: AltTab can take screenshots and connect to the internet (to check for updates and possibly install them as well). Now the app is “notarized,” which means that the app has been checked in a certain way by Apple. However, I suspect that they check that the app has been signed by the developer who they say has been checked for some known issues. But I don’t think you can ever say whether an app can also be called functionally safe.

This is why I wonder if you really know exactly what you are downloading.