Yes, it is a risk. Same question partially answered here: https://bitcointalk.org/index.php?topic=315802.msg3910308#ms... . If project gets traction then most of the collected bitcoins will probably be stored in offline wallet (and hopefully 5% fees would allow to cover losses in case of a hot wallet hack).
update: fixed a mistake (online to offline)