Well, I'm not sure I qualify as "security expert" but I certainly am a "full-time security paranoic"
And as no one else seem to risk it, I downloaded and tested the miner as well as I could.
First, I used an online virus scanner to check the file.
The results are: 2/67 detected (
https://www.virustotal.com/#/file/74cfd6a34e158c2f5fe1b8422d6b8daee304394eeaf85992b117bf5de315d569/detection), which is actually an excellent result, given that the Claymore's miner gives 41/68 positives (
https://www.virustotal.com/#/file/7852c50c835d7110ab8d055cccad06674e94d85324414f91366852bed9be29cc/detection).
And even the open-source ethminer 0.12.0 gives 26/67 positives, which is ridiculous (
https://www.virustotal.com/#/file/4aa1082b5581540eced3acb18ee52cd06ee062772a5d386cf7501b2a8b7af094/detection)
So, I prepared a backup image of the SSD of my rig (in case that this new miner turn out to be malicious) and then ran it for about 18 hours while monitoring the PhoenixMiner.exe network, file system, and registry activity with Wireshark and some advanced system calls monitors. It connected to my mining pool as it should and then opened port 3333, which turned out to be the port for remote control similar to Claymore's miner. I disabled to remote port with the "-cdm 0" commnad-line switch and restarted the miner. Sure enough, this time port 3333 wasn't opened and the only connection was the one to my pool.
The first new connection was observed after 16 minutes of mining, which connected to another pool (ehtermine.org) and the miner showed that it was mining for developer fee. It disconnected after 35 seconds as advertised. After that I left the rig alone and analyzed the Wireshark and the other logs the next day.
The miner connected to the devfee pool every 90 minutes, with one exception when it wasn't able to connect to the ehtermine.org. It then tried again after 13 minutes and then resumed the normal 90 minutes period between devfee connections. No other network activity was recorded. The registry activity was also normal (no keys were created and no suspicious registry key reading was detected). Also, no files outside the current folder were opened or touched.
As for the mining speed, my rig has 6x ASUS Strix 570 OC (with BIOS mod) and under Claymore's miner it makes about 173 mhs. With Phoenix the speed was about 174.5 mhs, which is not much better but I guess is still something. The power consumption from the wall was about the same (755-765W). According the the pool, the speed was even better (169 vs 166 with claymore) but this doesn't mean much as I've seen this numbers change a lot without any apparent reason, so it would take some more time before declaring PhoenixMiner to be faster.
Of course, there is no guarantee that the PhoenixMiner won't "decide to go bad" at some point of the future, but right now it seems legit.
Some suggestions for the devs: the share difficulty is a nice touch but it would be better to directly show the number of blocks found. Most pools doesn't report this and even when they do, I'm always suspicions. Also, your miner does seem to be compatible with Claymore's manager, which is nice, but I hope that you will produce a better manager (and maybe even a mobile app for Android), because the claymore's manager is rather simplistic and I miss a lot of features.
), we print the difficulty to each found share and also the maximum difficulty of any found share. The nonce itself can be seen in the log file but it is not very interesting as what it matters is the difficulty of the found share. If it is bigger than the current difficulty of the coin that you mine, you have found a block! For example for Pirl the current difficulty is about 9.8 TH and the screenshot shows that the maximum difficulty of found share is 14.3 TH, so at least one block as found in the current mining session. 
Still, we thought that our time is best spent trying to improve the mining performance instead of trying to come up with a cool name