I had the same feeling, to be honest I just gave up caring about my Minecraft account. Mojang butchered their account system, Then butchered their own launcher. They went from a simple log in and play to this seemingly complex mash-up of features that barely anybody even needs thrust straight at you in an ugly way. 3rd Party launchers actually do this better, where you select what you want, and customisation is easily found, but optional.

Launcher aside, mods are easily able to have shady code in them anyway. I remember a server which required you to use a custom modded client which, upon decompiling, i found contained a nice FTP module inside its mandatory anticheat, allowing anyone with permission on the server to issue your client commands to retrieve anything from your minecraft directory.

The 3rd party launchers are a generation or two ahead of the stock launcher, historically the risk is about zero, and the gain is immense.

Technically, CPM 2.2 is much more secure than windows 8.1 but its not sweeping the market.