Sure. This is a locally installed, native app. It can't be a single point of failure, as attacking it requires attacking every user individually. Unless someone attacks Github and uploads malicious binaries. I'll have to look into some code signing to deal with that...