I think you guys are mixing up a few different things here.
There is one weak point here: you have to trust that the owner of a correctly-attributed bond key will actually construct a valid (protocol wise) bond transaction that transfers control to the owner_pubkey you requested. Given that you're also trusting this person to repay the bond, this is not necessarily a big deal, but it'd be nice to require it.
You have to trust the
issuer of a bond to repay it, but you should not have to trust the previous (or any other)
owner in any capacity.
The paragraph you quote is about the case where a pay-to-policy outputs are being claimed for the first time. At this time, the money is being claimed by the issuer. Later when the bond moves on the secondary market no trust is required.
This seems like a fair criticism. There are two parts to a typical bond transfer,
1) Owner #10 must create and sign a well formed BOND message to Owner #11
2) Owner #11 must create and sign bitcoins to Owner #10
They are done as part of the same transaction. P2P bonds are based on smart property, this page has detailed protocol descriptions that may make things clearer:
https://en.bitcoin.it/wiki/Smart_Property