If you wrote the client then they couldn't alter it, but then if you wrote the WWH site then they couldn't alter that either, so there's no difference.

If you're running code from a clone of somebody's git repo you're vulnerable to anything they did to that code, just as if you're running code from a web site you're vulnerable to anything they did in that site.

There are marginal differences, and I'm guessing the one you're really excited about is maybe the web site changes moment-by-moment to introduce and remove betrayal mechanics whereas your git clone doesn't change moment-by-moment. Of course that cuts both ways - bugs can be fixed in the site immediately and your clone doesn't magically get bugfixed.

But mostly I'm arguing these are the same problem: Do you trust some well-wisher who has seemingly no reason to betray you? You probably should, life is too short.

I'm worried about incentives and accidents. We've seen chrome plugins get sold to spammers after getting popular. We've seen AWS credentials accidentally leak into git repos. These are cases where the site might be ok one day and start serving something malicious the next. I do think installing a cli tool via your distro's package manager insulates you from these types of risks.

I would not let employees at my company use an externally hosted site like this to share secrets. I would have no problem if it were hosted internally by the company.