I'm not really convinced that having a few more libraries in the standard library or decentralizing the library repository is going to change much the risks