I don't see how you have to trust the server unless it's also serving the client bundle. There are many decentralized use cases where you might "bring your own client" (or maybe one trusted server gives it to you) and use the client to interact with other untrusted servers.

You can have a trusted client and an untrusted server.