Replying to sommerfeld

F-Droid (and even Google Play) verify APK signatures and hashsums.

The lack of integrity and authenticity verifications in Obtainium (which just fetches APKs over HTTPS) certainly puts it at a severe disadvantage when it comes to security.

Obtainium is as censorship-resistant as possible, but we should be clear about the trade-offs. Unless there is a standard way for devs to publish hashsums and sigs on GitHub Releases that Obtainium could use for verification, things are not likely to improve.

nostr:nevent1qqsx38wrmgcf78fu7yntp6y4psmgq0x4fdr4vjy5k4wrltlszenz0lcpz9mhxue69uhkummnw3ezuamfdejj7q3qgcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqxpqqqqqqzvh4att

ec
ec0114a5... 1y ago

You should push for signature verification to be implemented in Obtainium.

nostr:nevent1qqswehak0rjukxhxvne7908t4hlzx890tjfytwg3rp636hjhz7f0gvqpz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzp5x7h70mzt00s86r6lrfg2dm0pyp9tq7f5k48gszmd42cl4yk3nvqvzqqqqqqy7fjueq
