I don't think there is an "intrinsic risk" in anything. I personally trust F-Droid more than Obtainium and even more than most original developers themselves, because
1) F-droid has been around for a long time and it's proven to be well governed.
2) F-droid tells me if the software is still maintained, if it's a fork of another project, if the opensource software is using non open service as a backend, etc..
1) F-droid has been around for a long time and it's proven to be well governed.
2) F-droid tells me if the software is still maintained, if it's a fork of another project, if the opensource software is using non open service as a backend, etc..