I store a manifest file on GitHub that contains the version number of the latest release, and also the sha256 of the releases. They are signed with my personal Developer Apple ID (Guillaume Louel). Some generalities, both the screen saver and the Companion app are signed and notarized by/with Apple, as its now required. The honest answer would be that there are never any certainty when it comes to security.