I think it’s even more important with contributors of large projects and libraries used by a vast amount of software out there.
It’s not inconceivable that someone’s account gets hijacked, and someone uses their trusted account to add a small snippet of malicious code in a commit, enabling a supply-chain attack.