You can apply that concern to pretty much any piece of software that gathers enough attention.
You can't review the code, but plenty of others do; that is one of the advantages of FOSS software.
Discouraging use because of potential 0-days is as pure FUD as it gets.
Plenty of people parrot the same honeypot routine about Tor, PGP, etc. It's not novel or insightful; it just discourages newcomers from actually being pragmatic and objectively improving their privacy and opsec.