Yep, but that's a problem with all package managers where users can publish their own code without auditing. Every app store has these problems. Both npm and pip have these issues too.
People shouldn't install unvetted binaries from random people. I wouldn't install random binaries that I've downloaded through a web browser---why would installing through snap be any different?