Here’s an earlier thread on similar concerns (before there was Verified / check mark):
This is something I’m concerned about myself. I can’t believe there’s so little discussion or concern by others. Like … why isn’t “snapcrafters” publisher verified even? Why isn’t “brave” (brave browser) verified? Or “telegram.desktop”? Fear coursed through my veins as I read the publisher name for Audacity on a server I have in production – like oh crap, what mess did I just cause for myself after installing that? (This person claims to be the official publisher of snaps for Audacity, … though for what reason should I believe that to be true? After research, I did discover this person provides snap building service, so I’m no longer as concerned with this publisher, … but this cannot really be this haphazard, can it?)
Am I risking that the “telegram.desktop” publisher is not really Telegram, but just some bad dude trying to intercept private messages?
Or the snap, … geany-gtk. Is that really from the geany team? Looks like it. If it wasn’t an older version I might have installed it.
[Edited: word choice, and added geany as another example.]