Your comment doesn’t quite make sense: Building from source lets you (and everyone else) inspect the source, while building from provided tarballs means if you compare it to source it’ll be inherently different, as the autoconf process makes changes to the files.
If you’re downloading and executing a binary from github releases, then you’re completely at the mercy of the maintainer (nix only does that with closed source packages)
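The check the comment implies, as an added example that is not part of the original post: unpack the release tarball, check out the same tag from git, and list every file that is present only in the tarball or differs from the tagged source, after setting aside the files autoconf and automake are expected to generate. The two trees and the generated-file pattern list are constructed here so the script runs offline; a real project's list of generated files will differ.

```shell
#!/bin/sh
# Added example: report drift between a git checkout and an unpacked release
# tarball, ignoring files the autotools legitimately generate at release time.
set -eu

# Files a tarball may add on top of the git tree (assumed list, adjust per project).
GENERATED_PATTERNS='^(configure|config\.h\.in|Makefile\.in|aclocal\.m4|build-aux/.*)$'

# Print one line per tarball file that is missing from, or differs from, the
# git tree. Args: $1 = git checkout dir, $2 = unpacked tarball dir.
tarball_drift() {
    git_dir=$1; tar_dir=$2
    ( cd "$tar_dir" && find . -type f | sed 's|^\./||' | sort ) | while read -r f; do
        if printf '%s\n' "$f" | grep -Eq "$GENERATED_PATTERNS"; then
            continue                                  # expected build-system output
        fi
        if [ ! -f "$git_dir/$f" ]; then
            printf 'ONLY-IN-TARBALL %s\n' "$f"        # file the tag never had
        elif ! cmp -s "$git_dir/$f" "$tar_dir/$f"; then
            printf 'MODIFIED %s\n' "$f"               # same path, different bytes
        fi
    done
}

# Constructed sample trees (placeholder content, not a real project).
# Prints the temporary root directory holding git/ and tar/.
make_sample_trees() {
    root=$(mktemp -d)
    mkdir -p "$root/git/m4" "$root/tar/m4" "$root/tar/build-aux"
    printf 'int main(void){return 0;}\n' > "$root/git/main.c"
    cp "$root/git/main.c" "$root/tar/main.c"
    printf 'AC_DEFUN([FOO],[echo ok])\n' > "$root/git/m4/foo.m4"
    # the tarball's copy of the macro carries a line the tagged source lacks
    printf 'AC_DEFUN([FOO],[echo ok])\nextra line\n' > "$root/tar/m4/foo.m4"
    : > "$root/tar/configure"                # legitimately generated by autoconf
    : > "$root/tar/build-aux/install-sh"     # legitimately generated helper
    printf 'unexpected\n' > "$root/tar/extra.bin"
    printf '%s\n' "$root"
}

ROOT=$(make_sample_trees)
tarball_drift "$ROOT/git" "$ROOT/tar"
rm -rf "$ROOT"
```

Anything the script lists that is neither a known generated file nor explained by the release notes is what to diff by hand before trusting the tarball.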