hello, dswd. welcome to our forums. this may come as a surprise but you are really fucking dumb. sorry.
let's go through your dumb post:
1. an SCM where you can see per-changeset diffs somehow gives you no way to "review code changes" but downloading a huge-ass tarball once a few months with god knows how many changes instead does. this is profoundly retarded thing to say in itself, i mean it's just so fucking dumb it makes my head hurt.
i'm sure before updating the tarball-updater way you made a unified diff of tt-rss-old and tt-rss-new and went through it by hand, you luddite. that is, while actually being capable of understanding the actual changes and their underlying reasoning. otherwise you're just shitting me with all this crap about security issues you allegedly care so much about.
1A. as a sidenote, i have significant doubts that you have the capacity of reviewing shit. lol.
1B. i'm not going to get into the apparent false dichotomy of an SCM forcing you to do unattended upgrades for some reason because, well, why bother.
2. anyway, if you read the op before posting retarded shit itt, you'd know that "releases" in tt-rss sense had always been nothing more than trunk snapshots made when i sorta-kinda felt like it. i.e. the exact same fucking code committed by people with exact same commit rights (that is, me) only delivered to you at random intervals and in a highly inefficient way.
which brings us to 3:
3. so, i guess what i'm saying is, instead of trying to

recommend me anything

, you should stop and rethink your life of apparent ignorance and inability to reason which led you to the point whereas you made the above post in this here thread, forumposter dswd.
but wait, there's more:
4. fortunately, luckily for you, despite the absolute idiocy wrt anything related to securing your personal data, i can absolutely guarantee you that nobody in the world fucking cares about your rss feeds, so you are absolutely safe. so there's that at least. you can revel in joy being saved by your own insignificance.
i'm not sure why so many of your ~i'm gonna host my own shit for privacy and owning big corporations~ types are so hilariously dumb but lol if you think you're the first one and sadly i know you're not the last one.