Of course you should pick the poison that matches your risk level. I agree that installing random ppas brings all sorts of risks, just like any other 3P code you install - pip/gem/npm-installed libraries, chrome extensions, etc. All these are real attack vectors.
My original point was that replacing your OS because you can't install Chromium seems ludicrous to me, when you can easily find alternatives.
My original point was that replacing your OS because you can't install Chromium seems ludicrous to me, when you can easily find alternatives.
Here's a few better options:
1) Use official packages from debian: https://askubuntu.com/a/1206153/161744
2) Use Pop!OS repositories (assuming you trust System76 folks):
3) Compile Chromium from source https://www.chromium.org/developers/how-tos/get-the-code