This can be a sensitive issue for organisations of a certain size. Depending on how widespread and complex the trust relationship is, it may or may not be a threat. But I think one of the points that everyone is questioning is how the first attack vector can be initiated. I agree with what you're saying about the complexity of IAM and trust relationships in general.