#KDE Upstream is having some very serious conversations about how to mitigate this issue, as are the folks that run #Pling (The host of store.kde.org) regarding reporting and review.
It is just important to remember that your machines security ultimately rests in your hands, safeguards can be put in place, and will be, but it's still your machine, and it's possible to break things, no matter the software developers intentions.