“Open Source” isn’t a monolith: Each project is run differently and has different requirements for contribution. All changes on the main branch of an open source project or piece of software must meet the contribution requirements, so in general the group of people who manage the project have oversight and will only accept changes that they want, which means that if you trust the person or group of people that manage the project you can (generally) trust the project and resulting software as well.