Shepherd auto-updates: it downloads newer versions of itself and its components by default and runs them. Grabbers tend to be very fragile: they break whenever the source web site changes. Auto-updating prevents this from leaving users with incorrect or no guide data, as your system receives fixes and improvements as the developers release them.
This represents an increased security risk to your system compared to most programs, because you are being asked not just to trust the code you install today, but also the updates Shepherd receives in the future. If you would like to reduce your security exposure, there are several things you can do.
The ideal solution is to allow Shepherd to run normally, but restrict it from doing anything abnormal. See Securing Shepherd with AppArmor for details.
Run as its own user
If you install Shepherd as its own user, it will be limited by the permissions of that user. If you do this, though, you'll need to switch to this user every time you want to manually execute Shepherd commands, because Shepherd won't allow itself to be manipulated by a user other than that used to install it.
(If you try, it will begin to install a new copy for the new user. And multiple copies of Shepherd can make life confusing.)
Turn off auto-update
When run with the --noupdate option, Shepherd will grab data but never update itself. This makes the security risk of running Shepherd the same as any other program.
The disadvantage is that if Shepherd breaks, you will need to detect this yourself and fix it manually (e.g. run it with the --update option).
This is not recommended, because bugfixes and improvements to Shepherd and its components are made available very frequently, and these improve the quality, quantity, and reliability of the guide data acquired. If you do choose to run Shepherd with --noupdate, we recommend that you periodically perform a manual --update in order to get these updates, even if your guide data seems fine.
See also: Security for Debian Based Distributions.