> That was my impression at least, I never personally went through the source code.
That's the rub though. There's nothing but trust preventing them from including some spyware in the next automatic update. Actually not even trust, whoever has account access to publish for uBlock could have their account hacked and someone malicious could inject spyware into a version of the extension.
Trust is everywhere in computer security. You trust Google to not deliver a backdoored version of Chrome to your machine when you download a binary instead of building from source. You trust them to not break the law and leak your personal data to third parties or discriminate against you based on the content of your emails.
That's the rub though. There's nothing but trust preventing them from including some spyware in the next automatic update. Actually not even trust, whoever has account access to publish for uBlock could have their account hacked and someone malicious could inject spyware into a version of the extension.