The debate about F-Droid security and trustworthiness has been ongoing for a while now, with passionate arguments on both sides, so I will let you go down that rabbit hole for yourself.

The main issue for me with F-Droid is having to trust not only the dev but also F-Droid. This is basic OPSEC. If you can get it from the source (GitHub usually) without also having to trust a 3rd party, then that is basic security practice. If the release is on GitHub, Obtainium is just pulling from the repo.

If the dev releases the apk on F-Droid only, then that is the release repo (not GitHub, GitLab, or Codeberg), straight from the dev. Using Obtainium, in this case, now introduces a third party, so while the risk is minimal compared to an alternative client like Neo Store, I still recommend following best OPSEC practices and just getting the apk from the source, which in this particular case is not Codeberg, or GitHub, or GitLab, but F-Droid. I already spoke about why I recommend F-Droid Basic in the post.

Here is more info on the subject: https://discuss.privacyguides.net/t/remove-note-about-getting-f-droid-apps-from-obtanium/14440