OpenPLi also can not guarantee that Softcam will not contain exploits from its own feed.
We can guarantee that what is in our feeds is compiled by us, from a known and reliable source. If our oscam (or anything else) contains an exploit is is because someone added that to the oscam repository, open for everyone to see.
We also provide a 3rd-party feed, which contains ipk files on request of end-users. We don't have the source of these plugins, we haven't checked their contents, and their functionality. And they are provided as-is, without any support.