I believe that really depends on (a) how much harm it caused downstream, (b) how much of it is caused by your actions. Per Matt Levine's column today, it's not the whole problem that FTX had sloppy accounting – rather that SBF went around advertising the "sophisticated risk engine" which in reality was crap. This action accounts for fraud.
I don't see you being jailed for your random GitHub project being sloppy. However, if your closed-source software that you advertise as 100% safe and secure gets used by a chemotherapy clinic, and then it comes out to be downright sloppy after killing 20 patients, you may be accused of fraud. Anyway, not a lawyer so take it with a grain of salt.
I hope it also depends on a reasonable expectation of oversight and access controls when you're working in high-risk fields. Finance engineers should probably be expected to be familiar with laws concerning what they do.