2 Do you honestly think one can just make a fake account up, register, and publish an AUR pkg with rogue code that easy? There are checks for code whether it is safe or not, whether it is asking for right elevation, altering the filesystem's rights, etc.
You are making it sound like registering for X and publishing a tweet.
3 The most dangerous software I see on AUR is browser bins by the BIG NAMES not the little script stuff.
People are afraid of people instead of large corps @constantokra