This technically does give them the ability to backdoor your system if they supply an "update" for something you have installed via another repo... but that is very far fetched, obvious to anyone paying attention, and would be hell for their PR for minimal gain.