Getting hacked is maybe a misnomer. Getting your system infected with malware is more accurate. And since most developers are not verified, you basically download files from an open file hoster where anyone can upload anything that does not trigger the Itch scanners - and what triggers and what does not trigger is trivial to find out by trial and error. So you can only go by trust. If anything looks even slightly suspicous, maybe wait a month or two and put it in a collection for later.
As a developer, you actually do face a threat that regular users to not encounter. Scams that target small time content creators. Those are regular scams like offering overprices services that do not deliver what is promised to targeted attacks with a social angle.