If a connector is developed by a third party, you should do your own security review before deploying into your tenant. There are safegaurds in place to protect access in IDN, but you need to understand what network resources and dependencies are being implemented to ensure the connector is safe to use and will not send data to untrusted locations.
This is not a full list of things to check, but reviewing the dependencies listed in the package.json and running an npm audit check, while also reviewing all network calls in the connector code would be the first things to look for.