Apple doesn’t review it that thoroughly. They could easily send people’s credentials up to some server and Apple would likely not catch it.

What I mean is don’t just trust it because it’s in the App Store.

I personally use it because it has an active GitHub and is one of the more popular mobile clients. Also I don’t really care if my accounts get hacked in the first place lol so I’m also trying out Mlem beta and Wefwef. But even with that said I wouldn’t just try out any random new client that came along.

Also if it’s a desktop app they could just put the malicious code in the binary download 99% of people will use, or if it’s a web app, they just put it in their hosted version, etc.