Notarization is mostly a glorified malware scan. There's no Apple engineer auditing what's being sent for notarization. Even clever malware can evade notarization scans and be distributed as a notarized binary; it has happened in the past [0].
There's no better way of auditing such an app than having the code easily available, looking through it, and compiling it yourself, which is already the case here.
[0] https://thehackernews.com/2025/12/new-macsync-macos-stealer-...
Your link says that Apple revoked the certificate used to sign the malware by the time the story was published.