or use legit developer sites, they are fine as well.
Know the developer you're pulling down from, either from experience or client feedback. Research the vendor, basically. Many of my paid professional apps are direct from vendor downloads. I also use a few betas at the moment. Not in store and not established yet. But... they have the credibility based on other user comments to rate the install, and in most cases I have given them money to hopefully push them out from beta version 0.xxxxx to production release 1.xxx
Many legit sources I use have both app store and their own downloads. I always opt for the latter personally. The issue with the Mac store is twofold. It does not get vendor-given updates day 1. They clear a verification process. Vendors can and will have updates on their site days before release on the app store.
The Apple store also will not supply apps that work at command line level in some way. In the case of, say, BBEdit, a text editor for macOS, I cannot get the CLI tools I use from the app store.
In the case of CLI apps, use good judgement. I use reputable developers. Strong GitHub presence, found in published journal articles in some cases... all these and others ease some security concerns.
Plus there are always the old standbys. Like your basic MD5 hash checks. A 3rd party developer may (almost a should, really) list the MD5 that they say the file should be. You double check this with what you have downloaded and move on from there.
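The hash check described above, as an added example that is not part of the post: a small shell function that hashes a downloaded file with `openssl dgst` (present on macOS and Linux) and compares it to the value the vendor published, accepting MD5 because that is what many vendors still list but defaulting to SHA-256. The function name, the sample file and the expected hashes in the demo are constructed for this example.

```shell
# verify_download FILE EXPECTED_HASH [ALGO]
#   ALGO is md5 or sha256 (default sha256). Returns 0 on match, 1 on
#   mismatch, 2 if the file is missing. Hypothetical helper, not vendor code.
verify_download() {
    file="$1"
    expected="$2"
    algo="${3:-sha256}"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # openssl prints e.g. "SHA256(file)= <hex>"; keep only the last field.
    actual=$(openssl dgst "-$algo" "$file" | awk '{print $NF}')

    # Vendors often publish hashes in upper case or with stray spaces;
    # normalise the expected value so a copy-pasted hash still compares.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f' | tr -d ' ')

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file ($algo) matches the published hash"
        return 0
    fi
    echo "MISMATCH: $file ($algo)" >&2
    echo "  published: $expected" >&2
    echo "  computed:  $actual" >&2
    return 1
}

# Demo on a constructed "download": the bytes "abc", whose standard
# test-vector hashes are well known.
SAMPLE_FILE="$(mktemp)"
printf 'abc' > "$SAMPLE_FILE"
SAMPLE_MD5="900150983cd24fb0d6963f7d28e17f72"
SAMPLE_SHA256="ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"

verify_download "$SAMPLE_FILE" "$SAMPLE_SHA256"        # OK
verify_download "$SAMPLE_FILE" "$SAMPLE_MD5" md5        # OK
verify_download "$SAMPLE_FILE" "deadbeef" md5 || true   # MISMATCH, exit 1
```

A matching hash only proves the file is the one the vendor described; if the hash is served from the same page as the download, a compromised site can change both, so a SHA-256 published out of band or a code signature is the stronger check.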