Ya, I'd build it myself if I wanted to rely on the security of it. We'd have no way to know if the source is the same in the Chrome Web Store as it is in the open source project sign we can't check the signature.