> adding a repo for every app adds unnecessary security risks

Could you speak more to your security concerns about adding repos? To the very best of my knowledge it doesn't auto-download from all the repos, that would be crazy, and it for sure doesn't auto-install from them