That's why Obtainium is a bad option when it comes to security.
Using official repository of F-Droid you mitigate cyber risk.
Discussion
That's not true. You are just trusting fdroid maintainers since they are the ones signing apks with their keys.
You're using a centralized curation service. Arguing that is more "secure" is very dubious.
If the original devs don't provide sigs, there's not much you can do.