While this is indeed true, one needs to keep in mind that dpkg runs as root and that deb packages can have maintainer scripts included that get executed at package install time as root … Inside such maintainer scripts the person owning the PPA can pretty much do anything to the user's system (install a keylogger to capture home banking password input, put some script in place to send all password databases on the system to a server, hook you up to a botnet, etc. etc.).
So in conclusion, PPAs really require a lot of (blind) trust that the PPA owner does not do anything of the above, unless you are capable and willing to inspect all the source code inside such a PPA.
The confinement of snap packages makes such a scenario impossible …