That's not true. You are just trusting fdroid maintainers since they are the ones signing apks with their keys.

You're using a centralized curation service. Arguing that is more "secure" is very dubious.

If the original devs don't provide sigs, there's not much you can do.