pull down to refresh

Do I understand correctly that this requires a high level of trust in the paynym.is server?
Greg Maxwell (who has been in the news lately re: supply chain attacks) had this to say:
I support the goal. But this proposal is not well designed, and the way that it has been implemented in practice is by clients sending their scanning codes to third party servers; linking all of their payments-- a design flaw that was called out early in this (and related proposals lives). --Greg Maxwell, 2017-03-14
I'm still working my way through the BIP0047 spec so quite likely that I'm missing something here.
To be clear: my position on this is that even if a high level of trust is required, this news is still a net positive. On-chain privacy tools are close to non-existent, and a solution that requires trust in a third party is better than no solution at all.