Or use a cold storage option and still trust no one. If done properly (2 cameras with qr codes) then you can trust no one by signing the transaction, making it a QR code and scanning it into a document which can then be screened and broadcast once you're happy.
The electrum source code loses me at some points. The bitcoin.py file for example took a lot of effort to understand...
Wrong, you still need to trust the developer of the wallet used for cold storage when generate bitcoin address, few possible attack such as :
1. Intentionally configure
k value on ECDSA, so attacker can compute private key once you send bitcoin
2. Bad PRNG/CSPRNG
Source/more info :
1.
https://bitcointalk.org/index.php?topic=883793.02.
https://eprint.iacr.org/2014/848.pdf