One solution for this sort of problem is fully auditted code running on a server hosted by a third-party in a controlled and monitored environment
What third-party sets that up? Do you trust that they didn't install a back door? Who audits it? Do you trust them?
You're still left trusting somebody not to cheat.