My lovely wife had this same question a while back. Its a sign of thinking more deeply about bitcoin and incentives.

The short answer is yes, they are a risk. There are many risks besides this one but this is a good one to think about.

The bitcoin core maintainers could go rogue or just change the project in some way that I do not like. We have seen how this plays out. The block size wars were an example of an effort to change the code. It resulted in a code fork to a new project. That project has largely failed in its goal to gain dominance. Why? Because people that run nodes chose to stay with the small block version of bitcoin. Node operators choose which release to run. Node operators are a check on the power of the maintainers and you can see that the maintainers are aware of this with how they take time to consider changes.

Lets talk about incentives. Are maintainers incentivized to make unpopular changes? No. If they have significant bags they will lose value if they increase distrust in the network by doing something shady. I believe this is a huge reason why bitcoin is so resistant to changes.

Lets say that some state actor gets control over one or a few maintainers. They get them to do something shady. Well, unless we get lazy and don't review the code as a community that could be a huge issue. I do think this is unlikely. We see open source projects getting slammed for code changes that have far less impact than bitcoin. If a coder were to do something sly to the code base I believe it would get called out very quickly. There are far to many developers who are incentivized to defend their wealth. A state actor would need to have leverage on a large number of devs, not just maintainers. I do not believe any state actor is this driven or organized. These same states can't stop much weaker actors doing things they don't like. I really think this is NOT the way to attack bitcoin

I believe the way states will attack bitcoin is at the edges. Attacking users by criminalizing our behavior. They may go after maintainers but I don't think they will try to mod the code. I think it is more likely they try to make contributing risky and impossible to do without anonymity. The good news is that I don't think this will happen in all states at the same time. If the US tries to do this their adversaries will be incentivized to support or at least "allow" bitcoin development and usage.

IMO the greatest risk to bitcoin is us. The plebs. We can't be weak, scared, or dumb. We have to remain vigilant and determined to be free. Not just for ourselves but for our descendants. These days I almost exclusively talk to younger people about bitcoin vs. people my age and older. I'm in my 40s. Younger folks seem to be much more open to the ideas and they will benefit from bitcoin more than we will.