That's just a user contributed thing though. It's also just in the official ports collection. There's only a makefile there and some config files for electron (electron is kinda a PITA to compile on FreeBSD because there's no package)
Now, it can update itself automatically but it's all JavaScript. No binaries.
But it's safe enough for me anyway. Especially because the dev community uses it do much. If it did something untoward it would be noticed quickly.