luckily i didn't download any of those extensions, but the author seems to be ag inst the low security of OpenVSX.

it's not really an open source problem, just an marketplace problem (which could affect proprietary software aswell).

for example zapstore has a much better trust model which is also decentralized, or f-droid who is so strict you can't even get the latest version of amethyst