Bro,
Personally, I don't trust any DLL file if it's not from a known source. The only DLL that's in use is the DynamicZone. It's better to be safe than sorry. Especially when you are dealing with financial stuff, we need to be triple cautious.
For that matter, I'm cautious of the external .ex4 file too, unless it's from this forum.
One simple suggestion is to have the hash (MD5 or SHA-1) file also released with the ex4 files if possible to make sure that the file is not tampered with by crooks. But i guess its lot of overhead for mrtools and other coders.
stay safe