How can I know this module is not a backdoor?

A backdoor is a server-side script whose goal usually is to allow exploiters to execute server-side code in your game. There is no way for this module to do that if you only initialize it on the client.

How performant is the emit module?

I try to make the module have as little impact on performance as possible by using optimization tactics such as object pooling  and bulk CFrame movement. If you want to improve the performance of the module, contributions to the GitHub repository  are always welcome.