This is my biggest issue, it’s such a bare-faced lie!
It’s completely insane for the browser to need to trust the client. Instead, you implement zero-trust, and require authentication and authorization for anything sensitive.
The server absolutely shouldn’t trust the client isn’t malicious; instead, it should assume it is malicious until proven otherwise.
I don’t think that’s true.
I think this is useful unless your threat model doesn’t contain supply chain attacks by non-Google actors (which would be a pretty absurd position to take, there are plenty of malicious actors out there, Google aren’t the only one!)
It clearly helps to mitigate against some threats, and so makes sense as a mitigation in your threat model.
I agree that you may still want a mitigation against Google acting maliciously, but that doesn’t make this pointless.