> increasingly trust code they haven't personally reviewed

while the problems you describe are valid, my personal experience is fully opposite — trust is decreasing. I do not remember anyone worrying about supply chain 15ish years ago — windows was where the viruses lived, and unix people were installing distros, compiling kernel modules and building tarballs without auditing anything.