I do agree on the second part though. There isn’t a problem with trade offs, but I think extending trust upward to other layers isn’t about extending it in totality (if that’s how I worded it), but with the specific trade offs that fits each users or institutions situation and environment.  

I think those trade offs and trust assumptions will simply change a lot based on the amount of risk (and thus amount of value), which seems also to make obvious sense.