TL;DR: Don't think of the AUR as a package source, but as an only mildly moderated, yet ultimately free and open, sharing platform for PKGBUILDs, primarily useful for (self-)packagers, not necessarily for non-technical end users.
Before the AUR, you had people individually hosting their PKGBUILDs anywhere, sometimes on GitHub or the BBS (yeah, it's been a while), sometimes along with a repository URL you could add to your pacman.conf to install packages right away, and it was glorious. I didn't have to write a working PKGBUILD myself from scratch, and I could decide if I trusted that particular packager not to screw me sideways with a pre-built package. An officialized "Trusted User" (TU) role emerged from this idea, which has recently been renamed to Package Maintainer (PM). This is fundamentally still how the AUR works; it has just become much bigger and easier to search for particular software. Packagers gift you their idea of how software should be packaged, for you to expand upon, take inspiration from, learn from, or use as-is if you determine it to be good for your purpose.
The AUR is ultimately a great resource for packagers, and still useful for users, but "true end users" get the extra repository, and community, kind of, before that, and should try to avoid the AUR if they can, or at least be prepared to put in effort to establish trust, or get help.
A handful of Package Maintainers are manually adopting and subsequently vetting sufficiently popular packages to move them from the AUR to the official extra repository, which is deemed safe to use as-is, on a best-effort basis. Obviously, this is a bottleneck, as it is not feasible for the few volunteering PMs to adopt and maintain 10k+ AUR packages and be held to any quality standard. That's why "you are on your own" with the AUR.
On the positive side, there's a voting system to determine package popularity. AUR packagers have a public list of maintained packages, and a comprehensive git commit history. Establishing trust is still crucial, and I feel hard pressed to name a reasonably popular/useful package that isn't already in extra or has been maintained in the AUR for a long time.
The biggest risk, IMHO, for malware getting slipped into a package is orphaning a popular package and having it adopted by a malevolent user. This is something I personally look out for. If the maintainer changed, I make sure to check the commit history to see what they did. Most of the time it's genuine fixes, but if anything is changed without a damn good and obvious reason, hit up the AUR mods and ask for help. This is how malware is spotted. Also, typically only the version is bumped in a PKGBUILD on an update, which is a change I feel safe waving through, too. If the download URI changes, or patches are added, I do look at them to determine the reason, and if that isn't explained well enough to understand, that's a red flag. Better ask someone before running this.
source: personal involvement in Arch since 2002
inb4 "Archlinux snobs are gatekeeping packages"
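The review routine the post describes (wave through a bare version bump, stop and read when the maintainer line, the download URI or the source list changes) can be mechanised as a first pass. The script below is an added example, not the commenter's code and not an Arch tool; it compares two constructed PKGBUILD revisions of an imaginary package (names, hosts and checksums are made up). It reads values unexpanded, so a `source=()` line written in terms of `$pkgver` stays byte-identical across a version bump, which is exactly why such bumps look quiet in `git log -p`.

```python
import re
import shlex
from urllib.parse import urlparse

# Constructed sample revisions (not a real AUR package). They stand in for
# `git show HEAD~1:PKGBUILD` and `git show HEAD:PKGBUILD` from a clone of
# https://aur.archlinux.org/<pkgname>.git
OLD_PKGBUILD = """\
# Maintainer: Original Person <original@example.invalid>
pkgname=examplepkg
pkgver=1.2.0
pkgrel=1
pkgdesc="Constructed example package"
arch=('x86_64')
url="https://example.invalid/examplepkg"
license=('MIT')
source=("$pkgname-$pkgver.tar.gz::https://example.invalid/releases/v$pkgver.tar.gz")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000')
"""

# Plain version bump: only pkgver and the checksum differ.
BUMP_PKGBUILD = OLD_PKGBUILD.replace("pkgver=1.2.0", "pkgver=1.2.1").replace("0" * 64, "1" * 64)

# The kind of update to read closely: new maintainer line, download host
# moved to another domain, and a patch added to source=().
SUSPECT_PKGBUILD = """\
# Maintainer: New Adopter <adopter@example.invalid>
pkgname=examplepkg
pkgver=1.2.1
pkgrel=2
pkgdesc="Constructed example package"
arch=('x86_64')
url="https://example.invalid/examplepkg"
license=('MIT')
source=("$pkgname-$pkgver.tar.gz::https://mirror.example-cdn.invalid/v$pkgver.tar.gz"
        "fix-build.patch")
sha256sums=('1111111111111111111111111111111111111111111111111111111111111111'
            '2222222222222222222222222222222222222222222222222222222222222222')
"""

ASSIGN_RE = re.compile(r"^\s*(\w+)=(.*)$")
MAINTAINER_RE = re.compile(r"^#\s*Maintainer:\s*(.+)$", re.MULTILINE)
# Fields expected to change on an ordinary version bump.
BUMP_KEYS = {"pkgver", "pkgrel", "md5sums", "sha1sums", "sha256sums", "sha512sums", "b2sums"}


def parse_pkgbuild(text):
    """Collect top-level key=value and key=(...) assignments without running bash.

    Values stay unexpanded ($pkgver is kept literally). Lines inside
    function bodies do not look like `name=` at line start and are skipped."""
    fields, lines, i = {}, text.splitlines(), 0
    while i < len(lines):
        m = ASSIGN_RE.match(lines[i])
        if m:
            key, rest = m.group(1), m.group(2).strip()
            if rest.startswith("("):
                body = rest[1:]
                while ")" not in body:  # array continued on following lines
                    i += 1
                    body += " " + lines[i].strip()
                fields[key] = shlex.split(body[: body.rindex(")")])
            else:
                fields[key] = shlex.split(rest)[0] if rest else ""
        i += 1
    return fields


def _maintainer(text):
    m = MAINTAINER_RE.search(text)
    return m.group(1).strip() if m else None


def _source_name(entry):
    """Local file name of a source entry: 'name::url', a bare URL, or a file."""
    return entry.split("::", 1)[0] if "::" in entry else entry.rsplit("/", 1)[-1]


def _source_host(entry):
    url = entry.split("::", 1)[1] if "::" in entry else entry
    return urlparse(url).netloc or "local file"


def review_update(old_text, new_text):
    """Return (verdict, findings) for an old -> new PKGBUILD change.

    Only version/release/checksum changes give 'version bump only'; a changed
    maintainer line, any other field, a new or removed source entry (e.g. an
    added patch) or a changed download host is listed for a human to check."""
    old, new, findings = parse_pkgbuild(old_text), parse_pkgbuild(new_text), []
    if _maintainer(old_text) != _maintainer(new_text):
        findings.append(f"maintainer line changed: {_maintainer(old_text)!r} -> {_maintainer(new_text)!r}")
    for key in sorted((set(old) | set(new)) - BUMP_KEYS - {"source"}):
        if old.get(key) != new.get(key):
            findings.append(f"{key} changed: {old.get(key)!r} -> {new.get(key)!r}")
    old_src = {_source_name(e): e for e in old.get("source", [])}
    new_src = {_source_name(e): e for e in new.get("source", [])}
    for name in sorted(new_src.keys() - old_src.keys()):
        findings.append(f"new source entry: {new_src[name]}")
    for name in sorted(old_src.keys() - new_src.keys()):
        findings.append(f"removed source entry: {old_src[name]}")
    for name in sorted(old_src.keys() & new_src.keys()):
        if old_src[name] != new_src[name]:
            findings.append(f"download URI for {name} changed: "
                            f"{_source_host(old_src[name])} -> {_source_host(new_src[name])}")
    return ("needs review" if findings else "version bump only"), findings


if __name__ == "__main__":
    for label, new in (("bump", BUMP_PKGBUILD), ("suspect", SUSPECT_PKGBUILD)):
        verdict, findings = review_update(OLD_PKGBUILD, new)
        print(f"{label}: {verdict}", *findings, sep="\n  ")
```

Against a real clone, feed `git show HEAD~1:PKGBUILD` and `git show HEAD:PKGBUILD` into `review_update`; a maintainer change is also visible in `git log --format='%an %ad'`. The parser is deliberately shallow (no bash evaluation, no `source_x86_64`-style split arrays beyond plain key diffs), so treat "version bump only" as a reason to read less carefully, not as a reason to skip reading the diff.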