As in, would they be able to access your server?
If you do not trust Tailscale as a company, here is an open source re-implementation of the server called headscale. Some/all clients are open source as well. So, you can review all components yourself or pay for a professional third-party review. Otherwise, if you take a binary blob from any origin, including Tailscale, and have it run with privileges on your server, there are few limits on what this blob can do. Yes, backdoors are technically possible, but probably bad for Tailscale’s business if that ever came to light.
I’ve never heard of professional third-party review of open source code. That’s a service people offer?
I’ve always wanted to do this however do I understand it correctly that I need to host headscale on a vps server that is not in my tailnet/home network?