I will give my take because why not; however, I have not used NixOS, so I can’t compare with that and can only talk about Arch.
I currently have 15 AUR packages and have had no issues so far with them. AUR packages are very transparent about the installation process, which makes them pretty secure in my book; the rest of the trust is in the developer of the software you are using, which is separate from the AUR. I will say that while this seems like a lot, you get used to it pretty quickly, and I like the level of control the AUR offers over other methods.
But one thing to know about the AUR is that it doesn’t contain packages itself; rather, it contains a collection of user-made scripts to install packages from external sources such as GitHub, GitLab, etc. This is where the details in the PKGBUILD are important, to know where the package comes from or what the install script will do on the system.
So one thing to check on the AUR page is the upstream URL the package is coming from, and inspect the URLs in the PKGBUILD itself to make sure the software is coming from a legitimate source, legitimate as in from the developer you trust.
The comments can tell you if there are any issues with the package; the date of the package is useful, as it’s best to avoid packages that are too old most of the time, but I have never really found packages out of date.
The final thing is that while AUR packages are not official (as in the official Arch repository), it is filled with official third-party software too. For example, Librewolf AUR packages are listed on the official Librewolf project website and the GitLab for the project; sometimes the developers themselves are the ones who made the PKGBUILD script on the AUR.
In terms of inspecting the PKGBUILD files, I review the full thing every time I install new software for the first time, which doesn’t take long as they are mostly simple and short. And once the software is installed on the system, this quick check for differences is all I do with the package, which usually takes less than 15-20 seconds; everything else above this paragraph is mostly before installing a new package on your system. In terms of whether the AUR has been made more secure or streamlined, I can’t say, as I have only been using Linux since June last year, but I assume it was always set up like this.
There is also this guide from Kresimir. I am linking this as it goes into more detail regarding potential malicious commands to look for in PKGBUILDs.
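As an added example that is not part of the post above, the linked guide, or any AUR tooling: the pre-install checks the post describes (upstream url, the URLs in source= and which hosts they point at, a read through build()/package(), and the later check for differences against the copy you reviewed last time) written as a small shell helper. It deliberately reads the PKGBUILD as text instead of sourcing it, because sourcing is what makepkg does and it runs whatever the file contains. The sample PKGBUILD it writes is constructed for the demonstration (the package, hosts and URLs are made up), and the list of "risky" patterns is this example's own assumption, not a list taken from the linked guide.

```shell
#!/usr/bin/env bash
# Added review helper for an AUR PKGBUILD (not from the original post).
# It reads the PKGBUILD as plain text and never sources it: sourcing a
# PKGBUILD (which is what makepkg does) executes whatever it contains.

# Constructed sample PKGBUILD for demonstration only. The package name,
# hosts and URLs are made up and do not refer to any real AUR package.
write_sample_pkgbuild() {
    cat > "$1" <<'EOF'
pkgname=examplepkg
pkgver=1.2.3
pkgrel=1
pkgdesc="Constructed sample package"
url="https://github.com/example-dev/examplepkg"
source=("$pkgname-$pkgver.tar.gz::https://github.com/example-dev/examplepkg/archive/v$pkgver.tar.gz"
        "helper.sh::https://downloads.example-mirror.invalid/helper.sh")
sha256sums=('0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
            'SKIP')
build() {
    cd "$pkgname-$pkgver"
    curl -fsSL https://downloads.example-mirror.invalid/setup.sh | sh
    make
}
package() {
    cd "$pkgname-$pkgver"
    make DESTDIR="$pkgdir" install
}
EOF
}

# Upstream URL declared in the url= field.
pkgbuild_url() {
    grep -m1 '^url=' "$1" | cut -d= -f2- | tr -d "\"'"
}

# Hostname of a URL: drop the scheme (also VCS prefixes such as git+https)
# and everything from the first '/', '?' or '#' onward.
url_host() {
    printf '%s\n' "$1" | sed -E 's|^[A-Za-z0-9+.-]*://||; s|[/?#].*$||'
}

# Every URL in the source=(...) array, handling multi-line arrays and the
# "filename::url" form. Variables like $pkgver are left unexpanded on purpose.
pkgbuild_sources() {
    awk '/^source(_[a-z0-9_]+)?=\(/ {grab=1} grab {print} grab && /\)/ {grab=0}' "$1" \
        | grep -oE "[A-Za-z0-9+.-]+://[^\"' )]+" || true
}

# Source hosts that differ from the upstream url= host. A mirror or CDN can
# be legitimate, but each host printed here deserves a look.
pkgbuild_foreign_hosts() {
    local upstream
    upstream=$(url_host "$(pkgbuild_url "$1")")
    pkgbuild_sources "$1" | while read -r src; do
        host=$(url_host "$src")
        [ "$host" = "$upstream" ] || printf '%s\n' "$host"
    done | sort -u
}

# Lines worth reading twice. The pattern list is this example's own choice
# (not an official or complete list): a download piped into a shell, sudo,
# eval, base64 decoding, and paths outside $srcdir/$pkgdir such as $HOME,
# ~/ or /etc/.
pkgbuild_risky_lines() {
    grep -nE '(curl|wget)[^|]*\|[[:space:]]*(ba|z|da)?sh([[:space:]]|$)|(^|[[:space:]])sudo[[:space:]]|(^|[[:space:]])eval[[:space:]]|base64[[:space:]]+(-d|--decode)|\$HOME|~/|[[:space:]]/etc/' "$1" || true
}

# Number of checksum entries set to SKIP. SKIP is normal for VCS sources
# (git+https://...), but for a tarball it means nothing verifies the download.
pkgbuild_skipped_sums() {
    grep -o 'SKIP' "$1" | wc -l | tr -d ' '
}

# Update check: what changed since the copy reviewed last time. Exit status
# follows diff: 0 when identical, 1 when there are differences.
pkgbuild_diff() {
    diff -u "$1" "$2"
}

# Print the whole pre-install report for one PKGBUILD.
review_pkgbuild() {
    printf 'upstream url:   %s\n' "$(pkgbuild_url "$1")"
    printf 'source urls:\n';   pkgbuild_sources "$1" | sed 's/^/  /'
    printf 'foreign hosts:\n'; pkgbuild_foreign_hosts "$1" | sed 's/^/  /'
    printf 'SKIP checksums: %s\n' "$(pkgbuild_skipped_sums "$1")"
    printf 'risky lines:\n';   pkgbuild_risky_lines "$1" | sed 's/^/  /'
}
```

To try it on the constructed sample, run `write_sample_pkgbuild /tmp/PKGBUILD; review_pkgbuild /tmp/PKGBUILD`; on a real package, point `review_pkgbuild` at the PKGBUILD in the cloned AUR repository, and keep a copy of the version you read so that `pkgbuild_diff reviewed/PKGBUILD new/PKGBUILD` gives the same "what changed" view on updates that the AUR helper diff does. Two caveats: because the file is never sourced, a host written through a variable (for example `https://$_mirror/...`) shows up literally and has to be resolved by reading the PKGBUILD, and a clean report is only a first pass; the actual build() and package() bodies still need to be read, which is the step the post describes as taking the most time on a first install.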