I just asked myself how secure a Golang package is. Isn't it possible, that i.e. a database driver package gets compromised, and all my credentials are pushed through net/http to some external server?
I do read through the source code of any external package I use in Go.<p>I do the same thing in all languages.<p>That is why I tend to use as little external dependencies as possible.