The problem with official packages is update frequency. Being a version behind just won't cut it when the master server refuses the connection.
I don't think this is a real problem. Debian stable is out of the question, but unstable can be updated quite fast, and if everything goes right a normal package migrates to Debian testing after 10 days. This should not be a big problem (most unstable packages work with testing anyway). I don't know how the (U,K,...)buntu stuff works. Maybe it's a bit more complicated there.
The question of trust is an interesting one, but you must think it through. If you don't trust the current volunteer package maintainer, compile your own spring. If you don't trust spring code, don't play spring. To think that "official repository" equals security is naive. Official repositories can and have been hacked, and don't think anyone will be reading each line of spring source looking for Tobi's hidden backdoor.
Maybe I didn't make my position clear. My concern is not only about hacking. This is probably the least critical point about an open source game.
There are a lot of additional things:
- are rights set right? (For a bad example look at this link: http://it.slashdot.org/article.pl?sid=07/07/18/0319203)
- can I be sure it will not overwrite/delete critical parts of my system (when I add and when I remove it)?
- will it put files in sane directories?
There is surely no way to be sure that everything is all right, but if a package follows an official guideline the chance is much higher.
The additional big advantage is the fact that it will attract new players.