Yes, dngray already stated them in this thread:
Yes.
These binaries are provided by anyone who are willing to build and submit them. Because these binaries are not necessarily reproducible, authenticity cannot be guaranteed.[1]
This is very serious for something which deals with sensitive data like banking, or whatever site you visit.
Italicized emphasis mine ↩︎