I’m thinking about switching to a Firefox fork as a web browser. Apart from Tor, they’re all on AUR. I can’t use Tor all the time.
Do you consider that a security risk that’s worth worrying about? E.g. you could get a dodgy maintainer putting malware in it, as least theoretically.
Very confusing phrasing, but are you just talking about the stock Arch package repo? It’s as safe as I stalling the OS in the first place. The browser is as much a risk as any other package you’ve already installed from the main repo.
They’re referring to Firefox forks which are available only in the AUR and not from the main repos. In that case there can be a level of risk, but you can manually review the PKGBUILD of whatever package you end up installing to verify that it’s not doing anything fishy when pulling sources.
Apart from that, you may also want to look into potentially installing a Flatpak. This still comes with some risk if it’s not official (packaged and published by the original devs), but AFAIK there’s at least some sort of vetting process for packages to be accepted into Flathub.