App downloads and runs arbitrary executables
Currently F-droid allows free software wrappers to download and execute arbitrary code. This is not only a free software issue, but a large security problem. While I don't expect F-droid to perform security audits on all software, there ought to at least be an extreme warning on packages that are known to do such tricks.
I suggest a warning such as,
Danger: This program is a POTENTIAL TROJAN. It is known to download and execute code that is outside the control of F-droid. Installing this app makes your device vulnerable to malicious and proprietary software.
Then, if possible, the source of the payload should be shown to the user so they can make an informed choice about whether to trust or not:
Payload source: github.org/csploit/_core.tar.xz
Consider carefully if you fully trust the people who control this file and if the server is sufficiently secure from attack.
The warning should be at the top of the description and in bold, red letters. See the entry for Firefox for an example of the formatting that would be ideal.
As I said, I don't expect the F-droid project to audit the source code, but implementing this warning is needed before anyone else can perform an audit and share the results.
[Edit: title toned down]