Probably as trustless as is possible, but with the vulnerable to == trusting metric in mind:

  1. Did you read the code?
  2. Did you audit the compiler?
  3. Did you audit the operating system you're running it on?
  4. Did you audit the chips you're running the OS on?

It's also pretty common for even the most technical bitcoiners to go through a path of trusting certain components of the system before they have the time to fully understand them, and for less technical bitcoiners there are a lot of things they just have trust that a good enough number of devs have audited stuff.