If I was being a pedant I would have to note source code is not a compiled binary unless you repeated the process.
Anyway false positives happen all the time in ROM hacking, emulation, cheat making and flash cart circles.
Many tools are coded using rapid programming languages (visual basic being popular for much of the heyday, you only need the tool to work after all and if some scripting language can do it in minutes where some C coder is refactoring a table and contemplating inheritance because they made a wrong assumption 100 games earlier to ultimately accomplish the same task, albeit it takes 100 milliseconds to patch it rather than the 3 seconds of a clunky scripting language), are designed to edit other files, are possibly designed to edit other programs (possibly even running ones), sometimes are compressed, sometimes are encrypted...
To an overzealous anti virus heuristics scan, as often featured in unknown anti virus programs or ones that have since forgotten their history to make the scans that bit quicker, this is going to light it up like a Christmas tree -- rapid creation, infecting other files, protection against scanning tools via encryption and compression/packing...
Can't say there have never been viruses and such issues (gabsharky and mondayz, ds brickers, drama on game specific hacking forums where people did get their machines "ratted"*...) but it is super rare and romhacking.net does have a vested interest in keeping their stuff clean.
*seems to have dropped off again in popularity. Short for remote access tool aka in most cases you get someone to unknowingly install (mind helping me beta test this new version/fork) a VNC program (think teamviewer or anydesk but probably neither) or if slightly better then SSH.