Actions runs from external contributors aren't run with Actions secrets; if you are using Actions right (i.e. not using pull_request_target wrong) you don't need to trust external contributors. (eta: iirc the original point of the Actions approval flow was preventing cryptomining spam from abusing free compute)
There are other stablecoins that aren't scams though, like USDC. I think Stripe would probably either create their own USD stable or partner with Circle.
Website: https://iter.ca
More ways to contact: https://iter.ca/p/accounts/
You may use the text of my comments under the terms of CC-BY-SA 4.0 (in addition to any other license you receive).
.