Yes. Those repositories are not ok.
It’s corporate rule to not use any other repositories as those from Debian for the Debian servers. It is allowed to use backports.
There has been a problem some time ago where a package has been retrieved from a non-Debian repo that should not have been hosted there (new version of a library). IT security department wasn’t amused. Since then, only official Debain repos are allowed.
As far as I understand, when I add another repo it will trust all packages on the repo. Which might be a security issue if someone places unwanted stuff.