For the programs I've used, many of them had version numbers that don't match what's on the website and some of the reviews were from ages ago. One of the benefits I've seen touted regarding Linux is that installing things is simple because it's just a click, but that seems like something easily exploitable.
I second what u/ProletarianDictator said about your distro’s official package manager being more secure than even the official website of the thing you’re trying to download. For the most part, those repositories aren’t something that just anyone can upload to; they’re curated by the same people managing the distro, if that’s what you’re concerned about.