I think it's great. You clone a git repository, which is amazing since you can just pull in new commits to get updates. Then you read and understand the PKGBUILD. When you are satisfied that it's not malware, you basically just run makepkg and it does everything. Then you vote on the package so that it's more likely to be included in the official repositories in the future.
Depends on what you mean by "community". There used to be a repository named "community", it is now called "extra" and it is indeed an official repository.
It is maintained by a group of trusted users who need to be sponsored by at least two other maintainers. This creates a web of trust rooted at the Arch Linux developers.
The Arch User Repository is what I consider to be a "community" repository. It is essentially the programming language package manager model. You create an account and push whatever packages you want.