And yay warns you before anything happens and prompts you to review the PKGBUILD files and any patches for this very reason. So there are at least two "are you sure?" confirmations needed before even building anything.

This is a situation where you have to go out of your way and be naive to be affected. You simply can't protect the user from everything.