Your primary concerns will be "is it ok if the user has my source code?" Usually it is fine, as users can deobfuscate things anyways.
That said, if you're using Sentry, you can actually use the releases API to avoid this problem. You'll still need to generate the artifacts, and set URLs (or something that the API can handle), but you don't have to expose them to the internet.
