Indeed. I try to do rigorous reviews of modules (too much spare time at work), but I don't have enough time to install them and test every feature. I just check for obvious security holes and API abuses. And of course, once you've published one module you can make more without any review at all.