One security issue would be if someone slipped a specially crafted tarball into the upstream site: that tarball could maybe do bad things in a shell script that is extracting the version string. This would put the shell script and everything it uses into the "code should be secure against malformed input" category.
On the other hand, it is always nice to automate any kind of "do this scan periodically" process.
