Pkg ecosystem: Learning from others' mistakes

Trust is not necessarily an absolute concept. A procedure that significantly reduces the probability of adverse events can be useful even if it does not completely eliminate them, especially if the alternatives are much more costly.

It is easy to go overboard with suggested security measures, especially after witnessing breaches. Frankly, I am skeptical that we have the community resources at this point to implement serious auditing for a nontrivial set of packages, but that does not preclude a simpler mechanism from being immediately beneficial.