at worst can break and make your wallet stop working
Well, to play devil's advocate, at WORST it can be maliciously made to misreport balances. That's where the trust comes in, that the blockchain reporting to mycelium is the same blockchain everyone else is working with.
Yes of course, but in the same breath you should mention that the moment you suspect something you can check your public keys on
https://blockchain.info and get a correct balance from them. In no way can the Mycelium server modify your balance on the block chain.
The real trust is that the code on your phone is honest since that holds your private keys and momentarily sees your paper wallet keys. That, however is verifiable since the code is published.