Do the unofficial builds get regular security updates, though? Even if they do, I don't think it's the best idea to rely on two independent developers at the same time, I'd rather not have multiple points of faliure.
Yes they do. At least the maintainer for the S8 releases them regularily.
That's not something i would worry about. When the unofficials get a stable state they're fine and only get the latest patches from LOS. I'm running customs since 8 years and i never had problems.
Since the latest release was in June i guess they added the latest security patches. Click on the download link, it will forward you to the github page. And since this rom has OTA updates they definitely incorporate patches