A lot of VPN products still depend on a very simple assumption: if the backend says something is valid, the app accepts it.
That is convenient, but it means users are trusting a lot of invisible infrastructure.
Why this is weak
The problem with blind trust is not that every backend is malicious. The problem is that strong security should not depend on a perfect environment.
Verification is better than assumption because it gives the app a way to reject bad data instead of hoping no one changed it.
What a better model looks like
A better model gives the app cryptographic proof and lets it verify before use. That is how you reduce the amount of blind trust built into the product.