Another factor is you have to completely trust or at least highly trust the team. I think being a "trust-based" wallet alone is a potential red flag already and you should think carefully before using them. Why? The developers can do a lot of changes in the wallet. I can't remember who said this but here's an example, the developers can ask you to pass KYC verification before you can access your funds again.
They can do much worse than arbitrarily demand KYC. They can use pre-generated seeds so they already know the private key to every address the wallet generates, or they can insert a few lines of code to an update that simply sends everything in the wallet to them. You have to trust them
completely.