Correct, you won't get malicious, unsigned packages to install without being warned first. But moving a level up (or down if you're really nerdy) when folks advise against doing anything sensitive or critical on a network outside your own control, I would think package management or software installation would be considered one of those things anyway.