To further clarify, but are you sure the port has vulnerabilities? according to this guys site he's going to be maintaining this official port.. it isn't being pulled directly from the chromium site but his own where he rolled his own distfile.
Do you believe he isn't backporting security/stability fixes for "free" users? because it certainly looks like that's his plan.
http://chromium.hybridsource.org/issues