In the end it doesn't matter whether people download a docker file, a turnkey appilance or a "hel(l)per script" if they don't do their due dilligence.
Concerning trust I think the official docker Image of a Software is more trustworthy than a third-party-container or Script.
It doesn't matter though for people like the /r/homelab-Crowd, they won't listen to advice against trusting helper-acripts/turnkey-appilances or dockerfiles in any case.
This Problem is not pve-soecific though, lxd, truenas, unraid and incus have the same issues, which is more social than technical.