(text originally from a DM)
Formulae are more like traditional Linux packages: they describe how to build the software, so that a CI server can build it from source and then upload Bottles (binary packages) that people can download. That ensures that the author of the software can't inject malicious code into the binary that wasn't present in the source code.
Casks, on the other hand, work more like package managers on other operating systems. They just download the binaries from the software author's CI (like GitHub/GitLab releases, or custom CI). Casks do have some benefits. It makes it much faster to add fully working packages to the repo, and can make it faster to update them. But it's definitely nice to have the security benefits of Formulae, if we can handle the added maintenance cost, without disabling build options and losing application features.
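The distinction above can be checked from the package metadata itself. The following is an added example, not part of the original message and not Homebrew's own code: it reads JSON in the shape that `brew info --json=v2` produces (the field names `formulae`, `casks`, `urls.stable.url`, `bottle.stable.files`, `token`, `sha256` and the `no_check` marker are assumptions from the author's knowledge of that format, not confirmed by the message) and labels each package by where its binary comes from and whether that download is pinned to a checksum. The sample input is constructed.

```python
"""Classify Homebrew packages by where their binaries come from.

Added example (not Homebrew's code). Labels:
  formula/bottle   source built by Homebrew CI; binary served as a Bottle
  formula/source   no Bottle for this platform; built from source locally
  cask/pinned      upstream-built binary, but its sha256 is recorded
  cask/unpinned    upstream-built binary declared with `sha256 :no_check`
"""
import json

KIND_BOTTLE = "formula/bottle"
KIND_SOURCE = "formula/source"
KIND_CASK_PINNED = "cask/pinned"
KIND_CASK_UNPINNED = "cask/unpinned"

# Constructed sample in the assumed shape of `brew info --json=v2` output.
# Hosts use the reserved .invalid TLD; digests are placeholders.
SAMPLE = json.dumps({
    "formulae": [
        {
            "name": "jq",
            "urls": {"stable": {"url": "https://example.invalid/jq-1.7.tar.gz"}},
            "bottle": {"stable": {"files": {
                "arm64_sonoma": {
                    "url": "https://ghcr.invalid/homebrew/core/jq/blobs/sha256:" + "ab" * 32,
                    "sha256": "ab" * 32,
                },
            }}},
        },
        {
            # A formula with no bottle: the user's machine compiles it.
            "name": "headonly",
            "urls": {"stable": {"url": "https://example.invalid/headonly.tar.gz"}},
            "bottle": {},
        },
    ],
    "casks": [
        {"token": "someapp", "url": "https://example.invalid/SomeApp-2.0.dmg", "sha256": "cd" * 32},
        # A "latest"-style download whose cask skips checksum verification.
        {"token": "rollingapp", "url": "https://example.invalid/RollingApp-latest.dmg", "sha256": "no_check"},
    ],
})


def classify(info_json: str) -> dict:
    """Map each package name/token to one of the KIND_* labels."""
    data = json.loads(info_json)
    result = {}
    for formula in data.get("formulae", []):
        # A bottle entry with at least one platform file means the binary
        # was produced by Homebrew's CI from the formula's source URL.
        files = formula.get("bottle", {}).get("stable", {}).get("files", {})
        result[formula["name"]] = KIND_BOTTLE if files else KIND_SOURCE
    for cask in data.get("casks", []):
        # Casks always fetch an upstream binary; the only question is
        # whether the cask pins it to a digest.
        digest = str(cask.get("sha256", "no_check"))
        result[cask["token"]] = KIND_CASK_UNPINNED if digest == "no_check" else KIND_CASK_PINNED
    return result


def unpinned_binaries(info_json: str) -> list:
    """Names of packages that install an upstream binary with no recorded checksum."""
    return sorted(name for name, kind in classify(info_json).items() if kind == KIND_CASK_UNPINNED)


if __name__ == "__main__":
    for name, kind in classify(SAMPLE).items():
        print(f"{name:12s} {kind}")
    print("needs review:", unpinned_binaries(SAMPLE))
```

On a machine with Homebrew, the same functions can be fed the output of `brew info --json=v2 --installed` (assumed flag) to list which installed packages rely on a CI-built Bottle versus an upstream binary, and which of the latter have no checksum to compare against.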