Someone could push a malicious update with a naive app too.
We do have plans to mitigate this. You can always self host it (we're partnering with some providers for a one click deploy). Also we want to do some stuff where it'll only update the wasm binary if it is signed by us.