+1 for pfSense port.
Also, not sure how I feel about having this device as my primary DNS server for my entire internal network. What if the project gets compromised and injects a number of malicious DNS entries, now my entire network is toast?
You can always review the code for yourself over on our github repo (https://github.com/pi-hole/pi-hole)! As well as the devs, there are so many pairs of eyes on the code that if anything fishy were to happen, everyone would know about it (not to mention it would completely undermine the hard work we've put into it over the past couple of years!)
Updates are manual, too, so unless you intervene, there is no reason that a working system would suddenly become compromised, except if somebody had access to your network. But then you have a different issue...