Yeah, I thought as much. So more "social" engineering that possible exploits could makes us loose assets if we're not careful. Did see someone mention that a carefully crafted smart contract could trick the user, sending less assets that what he paid for, so there's that too.