How do security-aware people feel about downloading and installing web browsers from "the Internet"? For example, for FreeBSD there is Pale Moon, but there is no port/package for it. On Linux, at least some distros don't have LibreWolf. So, you have to go and download these from their respective websites. (Well, on Linux I could maybe use DistroBox if I could find a LibreWolf package in another distro.)
I'm sure bad actors could manage to hide malicious code in packages that you get via your OS/distro repos as well, but it feels a little bit more secure when someone from the OS/distro has gone through the trouble of creating and releasing a package via their own package system.
Basically, how can I trust a tool I download from the Internet with quite sensitive data?
Am I just being naive? Should I always run all web browsers inside jails or use flatpaks etc so they can't access files in my $HOME dir etc?