Torsocks is a project of the Tor Project, and its repository can be found on the official Tor Project site here: https://gitweb.torproject.org/torsocks.git
The Gentoo ebuild uses somebody's downstream personal GitHub repository instead of the official source.
Needless to say, using any unofficial sources (even from a repository that is "just a clone of the official source, trust me xoxo") is horrible security practice.
The package should be updated to use the code from the Tor Project instead of someody's personal downstream Github repo...
1) dgoulet is a Tor developer;
2) We have checksums for used versions (see the Manifest);
3) I'm not sure the upstream version actually existed back then.
But yes, it should be changed.