Exactly!
I asked a CLN dev, and apparently CLN just trusts your block provider to validate and does minimal further parsing. That's exactly how to do it right.
Defense in depth is ok in some circumstances where downtime is acceptable. But Lightning isn't one of those circumstances because if you're down too long your counterparty can defraud you.