I am not sure I understand. If you don't trust the project to the point where you think they may inject malicious code into the local cargo config file, why would you trust the source code you are building?
At the end of the day, you build code to run it. If you don't trust the code you build, probably you should not build it in the first place?
At the end of the day, you build code to run it. If you don't trust the code you build, probably you should not build it in the first place?