Yes
Well yes, that’s always a risk when using third party code. It wouldn’t hurt to go through the code and check it isn’t doing anything harmful.
That’s not a malfunction of MAMP, that is cURL saying that whatever you want to connect to doesn’t have an SSL certificate that was signed by a trusted SSL signer. Best option here is to contact them and get them to install a proper certificates, especially now with free certs from parties like Let’s Encrypt.
Alternative you can tell cURL to ignore it, but I’d only use as a last resort when all else has failed.