The primary security concern here would typically be allowing users to sideload applications. The Microsoft store offers a level of review for apps that helps prevent problems that your users might not think of on their own. If they instead find and sideload apps outside of the store, they could pick something that is not trustworthy.
Those same concerns don't apply with the same gravity when it is your admins sideloading an app that has been purchased from a reputable provider for use within their organization. The sideloading procedure itself does not make an app inherently more vulnerable. In our case, it is the same app regardless of which method you use to deploy within Teams. The sideloaded version is just a white-label version that allows you to change the title and / or images used in order to brand it for your organization. It pulls up the exact same app logic and UI that is used in the version published through Microsoft's store.
Any potential or existing customer is welcome to do a security review of the app - in fact we'd encourage it as good practice. We can elaborate with more detail about data captured by the tool, if needed. None of that changes whether the store version or the side-loaded version is used. It shouldn't make any difference from a security perspective which deployment method is used, unless the organization has a specific policy about side-loaded apps for other reasons.