This is why I'm so mindful about using third-party services that require access to our code to perform their service. It's not that I don't trust the third-parties not to abuse their power, but by trusting them with my code, I also have to trust their security measures.
As such, I always very carefully weigh the benefits such a service can provide against how much work it would be to do it myself (which will likely produce a shittier result, but which will be fully under my control).
It's not even that I think I can do security better than $SERVICE, but I'm a much smaller target. I'm not as afraid of a targeted attack than I'm afraid of somebody compromising one of these focal points and then just lifting everything.
As such, I always very carefully weigh the benefits such a service can provide against how much work it would be to do it myself (which will likely produce a shittier result, but which will be fully under my control).
It's not even that I think I can do security better than $SERVICE, but I'm a much smaller target. I'm not as afraid of a targeted attack than I'm afraid of somebody compromising one of these focal points and then just lifting everything.