Security is a give and take, and with bleeding edge you have to balance it more. Yes, bleeding edge can mean bleeding hearts when a security issue is discovered in new code. But just as often, if not more frequently, it also means you get security patches before almost anyone else. And the AUR is insecure, as it’s a user repository. But 99% of the time if you read the PKGBUILD (it’s really easy, you can usually skim it) and check the sources you’ll be fine. The AUR being insecure isn’t bad, it just means you need to put more effort into checking on stuff and you need to be responsible for your security. These aren’t bad habits to have in general, but it’s a bit of a learning curve coming from systems that expect to handle most of your security for you.
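As an added example (not part of the comment above, and not code from Arch or the AUR), here is one way to make the "skim the PKGBUILD and check the sources" step repeatable: a static pass that reads the `source` and `sha256sums` arrays as text, without executing the PKGBUILD, and lists what deserves a closer look. The sample PKGBUILD, its URLs and the helper names are constructed, and the parser assumes simple arrays with no comments inside them.

```python
import re

# Constructed sample PKGBUILD for illustration (not a real AUR package).
SAMPLE_PKGBUILD = '''\
pkgname=example-tool
pkgver=1.2.3
source=("https://example.org/releases/example-tool-$pkgver.tar.gz"
        "http://mirror.example.net/extra.patch"
        "git+https://example.org/example/plugin.git")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000'
            'SKIP'
            'SKIP')

build() {
  cd "example-tool-$pkgver"
  curl -s https://example.org/setup.sh | sh
  make
}
'''

ITEM = re.compile(r'''"([^"]*)"|'([^']*)'|([^\s"']+)''')
PIPE_TO_SHELL = re.compile(r'\b(curl|wget)\b.*\|\s*(sudo\s+)?(ba|z)?sh\b')

def bash_array(text, name):
    """Read the items of a top-level `name=( ... )` array as text; nothing is executed."""
    m = re.search(rf'^{name}=\((.*?)\)', text, re.S | re.M)
    return ["".join(t) for t in ITEM.findall(m.group(1))] if m else []

def review(text):
    """Return human-readable findings worth a closer look before running makepkg."""
    findings = []
    sums = bash_array(text, "sha256sums")
    for i, src in enumerate(bash_array(text, "source")):
        url = src.split("::", 1)[-1]                  # drop a "filename::" rename prefix
        bare, vcs = re.subn(r'^(git|hg|svn|bzr)\+', '', url)
        if re.match(r'(http|ftp)://', bare):
            findings.append(f"source[{i}] is fetched over plaintext: {url}")
        if i >= len(sums):
            findings.append(f"source[{i}] has no sha256sums entry")
        elif sums[i] == "SKIP" and not vcs:
            findings.append(f"source[{i}] is unverified (SKIP on a non-VCS source)")
    for n, line in enumerate(text.splitlines(), 1):
        if PIPE_TO_SHELL.search(line):
            findings.append(f"line {n} pipes a download into a shell: {line.strip()}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE_PKGBUILD)))
```

A clean result only means these three patterns were not found; it narrows where to read, it does not replace reading the build and install functions.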
That’s fine, give me the hammer. I despise this increasingly pervasive online-first mentality. I like native applications using native toolkits. They’re installed on my machine for a reason. I don’t want the clusterfuck of HTML, CSS, and JavaScript managing my interfaces; they’re horrible. Just because a monkey eating pop rocks can piss out a Pollock doesn’t mean I wanna buy it. I am absolutely willing to trade some UI/UX niceties for actual fucking applications.