One could have different tiers of repository for different levels of trust.

In arch Linux, I trust the base repositories more than AUR.