Dockerhub isn't vetted either. Dockerhub is a major compliance risk. Too many images of questionable maintenance status and sometimes questionable build. Aside from maybe some base images I wouldn't pull anything from there for enterprise use. (For toying/experimenting around it's slightly different.)
One can't rely on library updates being done, thus one has to have a build chain for many images.