Also, you're getting at least some crowd safety in it. If you're using Debian Testing or a rolling distro, your package was probably tested by a bunch of people already.
If you're using a stable/LTS branch, there were far more eyes on it too.
And packages are signed, so you can't just hijack a web domain to inject code.