This would be illegal in Germany where you must take notice of every email accepted by your email server. The junk folder doesn’t help because you would need to read through it nonetheless.
Using ECC is a no-brainer. Even the Raspberry Pi 4 has ECC RAM. It’s not particularly expensive and only a artificial limitation Intel has introduced for consumer products.
This is a problem with many package managers. Even if one downloads a package in Emacs from MELPA. How can one be sure it’s not containing malware? Read through all code every in every dependency after every update?