I agree, but there are certain tradeoffs in trust. I do keep a watch over the software than comes in precompiled form.

I make a distinction in trust levels.

I would be more likely to trust a binary that comes from a prebuilt distribution, like Ubuntu; than from some perl hacker who claims he/she dosn't want me to see what the script does. There is just an obvious difference there in threat level.

At least the distributions make their source packages available. Will the perl hacker make his uncompiled source script available to me?