That's right, I was referring to the swapping implementation itself (if the service has access to the funds at any point in time) but we could definitely consider all closed source services as trusted, regardless of what the code is actually doing.