Yes, the crowdsourced stuff is perfectly fine. When it's uploaded to The Vault, it goes through multiple mandatory checks - specifically, the file checksums are generated and checked against what's in Redump or No-Intro or whatever your specific section of The Vault uses.
Modifying even the smallest part of a file will cause its checksum to change. Changing that bit back to what it was before will make the checksum return to normal. You can test this yourself with a standard text file and WinMD5: https://www.winmd5.com/
It's impossible to "fake" modern checksum formats, and such the only way to have an identical checksum to the original file is for the file itself to be identical. If an uploaded ROM has a different checksum, The Vault rejects it and trashes it. Therefore, it's feasibly impossible for malicious data to be uploaded to The Vault through a crowdsourced ROM.
In short: Yes, it's fine.
""You should be happy. You're alive, and life is wonderful." - Ambertwo, PokÃ©mon The First Movie"
Any of the stuff uploaded via crowdsourcing is safe right? Does it go through any checks before being added to the vault?