Should ROM flashers be more careful?

Technically speaking, a developer can simply put malware in his/her ROM and let others use it. Especially for online bankers, this could be a risk taken once you flash a ROM into your phone/tablet. Even unrooted Android phones can get malware from apps! What more the rooted ones? There is a discussion on this on XDA and I just want to share these concerns with everyone on Android Army. What do you think? Is ROM flashing that dangerous?