no, its just an additional attack vector, having the code to inspect makes validating updates much easier and more secure.
I’m evaluating the security of the software I’m using? what are you doing casually excusing a massive security flaw? you must not look either way before crossing the street