We are planning to use a non-HashiCorp provider from the Terraform Registry. Since we will be passing credentials to the provider, we would like to know if it is safe to use a non-HashiCorp provider in Terraform.
Assuming the provider is Open Source you are free to check the code to ensure it is passing whatever security requirements you have. In that regard it is no different to a provider published by HashiCorp themselves - you need to do your own due diligence to decide if they are trustworthy.
Got it, thanks Stuart