The good thing about our approach is that you don't have to take my word for it. All of the code that handles Bitcoin is in uncompressed JavaScript for everyone to inspect. You can also check network requests to see exactly what's happening. Of course, you need to have some knowledge to perform this kind of audit, but if you don't, someone else will. We couldn't possibly try to do anything fishy here that would go undetected.