I’m obviously not OP, but the first thing that comes to mind is attacks like the one that targeted xz. Open source developers are generally overloaded between demands from the community and their regular lives, and they also lack the means and ability to check the background of everyone contributing code or vying for maintainer status. This creates the risk that somebody with bad intentions works their way into a position of some power over the code that gets merged. Bigger projects with strict governance and an active community of contributors (or funding for dedicated developers to maintain control and check outside contributions) have a much smaller risk in this regard.
Should I switch back to Firefox from LibreWolf then?
Some things are riskier than others. The point is that you understand the risk and make informed choices.