You are absolutely right, but as far as I remember, this project has never been involved in any scandals related to data loss or cybercriminal attacks in its entire history. I think this can already be considered proof of reliability.
It's reliable in general, but you also have to realize that projects that don't hit any attacks are weak projects, because some projects that are already very strong at this point are those that have hit specific attacks and challenges, so from that everyone can see how durable a project is when it overwrites certain problems on it.