Really from a purist stance, people should audit the code and build it themselves.
However this would exclude most people except dorks like us.. so you just have to trust that you got it from a reputable source. I distribute a Mac OS X binary version but if you don’t trust me you shouldn’t be using it. Similarly, I can make a password manager tool or a PayPal assistant tool and I can make it send your passwords and money to me. You have to trust someone I guess unless you are willing to audit the code yourself. The network itself has some protections from non-cooperative nodes but the users are obviously targets for scamming. Kind of reminds me of the card skimmers people install on ATMs too.. they think they’re using a trustworthy machine but it’s been modified to capture their information.