Yeah, this recommendation concerns me a little, especially since my biggest balances are AGS and we can't move those. I already imported my private keys so I hope these are just precautionary measures. Is this a real risk? Should I ?
There's a chain of trust involved in getting the software to you - if you're reading and compiling yourself, that's the shortest chain - you're just trusting the code I've published and that your own system isn't compromised.
If you're using the binaries, or relying on someone else to vet the code, that chain is longer: you're trusting the compiler isn't compromised, that his system/software isn't compromised, that the network isn't compromised, that GitHub and that your own system isn't compromised.
We're looking at other ways to handle this private key issue that require less risk and trust.
For now, there is no reason to import AGS/MMC/PTS keys - those balances don't start maturing for another 2 months anyway.