There are two aspects to this.
By installing the custom firmware and packages and connecting your Humax to a network you are exposing new services to that network and potentially any connected network. Most of the software that has been packaged up has been chosen for its suitability for the embedded environment, i.e. size and required processing power, and not security. However, this is a consumer electronics device with a network port and you can guarantee that even the standard built-in services have not been built with more than a passing nod towards security. If that concerns you then you are plugging it into the wrong network! As long as you have a decent router/firewall between you and the Internet it should be fine. If you expose any of the ]Humax services (standard or custom) to the Internet then you need to make an assessment of the exposure. The remote scheduling portal means that most people don't need to allow incoming connections to their Humax.
The second aspect is that you are installing software written by a team of enthusiasts on a forum and unless you are able to audit what is being installed there is a certain level of trust that is required...