yeah, correct. But a malicious bunker would flag itself as malicious very easily.

The popup is of the nsecBunker operator the user is using. It requires almost nothing more than supporting NIP-46, just a couple very simple modifications to the current spec.