For the programs I've used, many of them had version numbers that don't match what's on the website and some of the reviews were from ages ago. One of the benefits I've seen touted regarding Linux is that installing things is simple because it's just a click, but that seems like something easily exploitable.
Packages from repositories are also usually signed so you know the code you're getting is the same code the developer or maintainer has (ostensibly) vetted and hasn't been tampered with en route.
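The check described in the reply above, as an added example that is not part of the original posts: a maintainer signs an index of package hashes, and the client verifies the index signature before trusting any hash in it. It assumes `openssl` and GNU `sha256sum` are installed; the file names (`INDEX`, `hello_1.0.pkg`, `maint.key`) and both function names are hypothetical, and real package managers do the equivalent with their own key and metadata formats.

```shell
#!/bin/sh
# Added example with a constructed repository, key and package; nothing here is real.

# Maintainer side: build a package, record its SHA-256 in an index, sign the index.
# The private key lives in a separate directory and is never shipped to clients.
make_repo() {
    repo=$1 keydir=$2
    mkdir -p "$repo" "$keydir"
    printf 'constructed package contents v1.0\n' > "$repo/hello_1.0.pkg"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$keydir/maint.key" 2>/dev/null
    # The public key is what a distribution pre-installs on the client.
    openssl pkey -in "$keydir/maint.key" -pubout -out "$repo/maint.pub"
    (cd "$repo" && sha256sum hello_1.0.pkg > INDEX)
    openssl dgst -sha256 -sign "$keydir/maint.key" \
        -out "$repo/INDEX.sig" "$repo/INDEX"
}

# Client side: verify the index signature first, then check the package
# against the hash recorded in the now-trusted index. Fails closed: a missing
# index entry or a missing file counts as a mismatch.
verify_pkg() {
    repo=$1 pkg=$2
    openssl dgst -sha256 -verify "$repo/maint.pub" \
        -signature "$repo/INDEX.sig" "$repo/INDEX" >/dev/null 2>&1 \
        || { echo "index signature invalid"; return 2; }
    (cd "$repo" && awk -v p="$pkg" '$2 == p' INDEX | sha256sum -c --status -) \
        || { echo "package hash mismatch"; return 1; }
    echo "ok"
}
```

Run `make_repo ./repo ./keys` followed by `verify_pkg ./repo hello_1.0.pkg`; changing the package, or rewriting `INDEX` without the private key, makes verification fail.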