
I'd never use F-Droid due to how insecure it is. They still modify all app signatures, so you can't even verify what you're installing is authentic.



"insecure" is a strong word that shouldn't be used willy-nilly like that. F-Droid recompiles all of its applications to ensure that everything in them is free software, and that the source code provided by the upstream is actually what is in the released binary. To this end, they produce reproducible builds, allowing anyone to rebuild the sources locally and verify that they match.


Which is also how most Linux distros work. So if you use Linux to install software via its package manager, you already participate in this model. It moves trust to the package repo rather than the app developer.



