[Q] Security Concerns - Official CM/AOKP vs. Unofficial CM/AOKP

Hello XDA-Developers.

Some of my friends in the phone/wireless communications business (including a PhD) tell me that custom ROMs are unsafe and that spyware such as keyloggers could be written into the code, which can steal your data and do other things of the sort in the background. CyanogenMod (and AOKP maybe) seem to be pretty safe, and I am running it on my i897, but the Legend is not supported anymore and the latest official ROM I can get is Gingerbread on CM7, which is very slow and seems to have issues. However, I have found these UNOFFICIAL CyanogenMod/AOKP ROMs made by others:

2.2 ROM

Note: Don't know if this matters, but all the ROMs save the last were not made by Recognised Developers.

These ROMs (I haven't tried some of them yet) run very smoothly on the Legend and are almost as good as a daily driver.

So can I trust these ROMs because they are based on CM/AOKP but are unofficial, or is the security compromised as it was unofficially done by a member? I would like answers from a technical point of view, not speculation such as 'devs usually have no intent', etc. Don't get me wrong, I may be paranoid, and I truly appreciate the amazing work that devs here are doing, but the possibility of security issues, especially with Linux and open source, is of concern to me.